Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-1731: Incorrect Permission Assignment in Zyxel uOS

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 67.68%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: published Apr 22; latest update May 18

Description

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Exploitability: 1.8 | Impact: 5.9)

Read out: local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high impact on confidentiality, integrity and availability. The local vector and the PR:L value match the description: the attacker must already hold a low-privileged account on the appliance, and the token-theft path additionally depends on an administrator session that is still live.

Affected Packages (2 packages)

CVEList V5: zyxel/usg_flex_h_series_uos_firmware, from V1.20 through V1.31
NVD: zyxel/uos, 1.20 to 1.32
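The two package entries describe the same exposure window: V1.20 through V1.31 inclusive is affected, and 1.32 is the first version outside it. The following inventory check is an added example (not cvebase's or Zyxel's code) that turns that range into a triage function over a constructed list of USG FLEX H appliances; the hostnames and version strings are invented for the illustration, and the parser only assumes that a "major.minor" pair such as V1.31 appears somewhere in the reported version string.

```python
"""Affected-version triage for CVE-2025-1731.

Added as a worked example for this page; not cvebase's or Zyxel's code. The
affected range (V1.20 through V1.31 inclusive) comes from the CVEList entry
above; 1.32 is treated as the first unaffected version, matching the NVD upper
bound. Hostnames and version strings below are constructed sample data.
"""
import re

AFFECTED_MIN = (1, 20)   # inclusive
AFFECTED_MAX = (1, 31)   # inclusive; 1.32 is outside the range

# Tolerates "V1.31", "1.31", "uOS V1.31" and a vendor suffix after the minor
# number; an assumption about the reported format, not a documented Zyxel scheme.
_VERSION_RE = re.compile(r"\bV?(\d+)\.(\d+)\b")


def parse_uos_version(text: str) -> tuple:
    """Extract (major, minor) from a reported uOS version string, or raise."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no uOS version found in {text!r}")
    return (int(m.group(1)), int(m.group(2)))


def is_affected(version: str) -> bool:
    """True if the version lies in V1.20 .. V1.31 inclusive."""
    return AFFECTED_MIN <= parse_uos_version(version) <= AFFECTED_MAX


def triage(inventory) -> dict:
    """Split (hostname, version) pairs into affected, unaffected and unparseable.

    Unparseable entries are reported rather than silently skipped, because a
    device whose firmware version cannot be read is not evidence that it is safe.
    """
    result = {"affected": [], "unaffected": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "affected" if is_affected(version) else "unaffected"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    for bucket in result:
        result[bucket].sort()
    return result


# Constructed sample inventory (not real devices).
INVENTORY = [
    ("fw-branch-01", "V1.31"),
    ("fw-branch-02", "V1.32"),
    ("fw-hq-01", "uOS V1.20(ABCD.0)"),
    ("fw-lab-01", "V1.19"),
    ("fw-dmz-01", "version unavailable"),
]


if __name__ == "__main__":
    print(triage(INVENTORY))
```

The check is deliberately inclusive on both ends and keeps a separate "unknown" bucket; when the page's range is the only patch information available, anything that cannot be parsed should stay on the review list rather than drop off it.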

🔴 Vulnerability Details (2 sources)

CVEList (2025-04-22): CVE-2025-1731: An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1…
GHSA (2025-04-22): GHSA-2w3x-653c-q4pc: An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1…

💥 Exploits & PoCs (1 entry)

Exploit-DB (2025-05-18): Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
CVE-2025-1731 — Incorrect Permission Assignment | cvebase