CVE-2025-6265

CWE-22 — Path Traversal3 documents3 sources

Severity

7.2HIGH

EPSS

0.2%

top 56.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nwa50ax PRO Firmware Zyxel Nwa110ax Firmware Zyxel Nwa1123ac PRO Firmware +20 more

Timeline

PublishedJul 15

Description

A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages24 packages

▶NVDzyxel/nwa50ax_firmware7.10\(abyw.1\)

▶CVEListV5zyxel/nwa50ax_pro_firmware7.10(ACGE.2)

▶NVDzyxel/nwa50ax_pro_firmware7.10\(acge.2\)

▶NVDzyxel/wbe530_firmware7.10\(acle.2\)

▶NVDzyxel/nwa90ax_firmware7.10\(accv.1\)

🔴Vulnerability Details

GHSA

GHSA-gphq-p3w8-j8vc: A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7↗2025-07-15

▶

CVEList

CVE-2025-6265: A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7↗2025-07-15

▶