CVE-2025-1732
published 2025-04-22CVE-2025-1732: An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EXPLOIT
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | uos | — | — |
| zyxel | usg_flex_h_series_uos_firmware | <= V1.31 | — |