CVE-2025-11848

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.0%

top 88.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Ax7501-b1 Firmware Zyxel Dx3300-t0 Firmware Zyxel Dx3300-t1 Firmware +45 more

Timeline

PublishedFeb 24

Description

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages50 packages

▶NVDzyxel/vmg3625-t50b_firmware< 5.50\(abpm.9.7\)c0

▶CVEListV5zyxel/vmg3625-t50b_firmware5.50(ABPM.9.6)C0

▶NVDzyxel/wx3100-t0_firmware< 5.50\(abvl.4.9\)c0

▶NVDzyxel/emg3525-t50b_firmware< 5.50\(abpm.9.7\)c0

▶NVDzyxel/emg5523-t50b_firmware< 5.50\(abpm.9.7\)c0

🔴Vulnerability Details

CVEList

CVE-2025-11848: A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5↗2026-02-24

▶

GHSA

GHSA-m8fj-fqgq-fj22: A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5↗2026-02-24

▶