CVE-2025-7673
published 2025-07-16CVE-2025-7673: A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | emg3525-t50b_firmware | < 5.50\(abpm.4\)c0 | 5.50\(abpm.4\)c0 |
| zyxel | emg3525-t50b_firmware | < 5.50\(absl.0\)b8 | 5.50\(absl.0\)b8 |
| zyxel | emg5523-t50b_firmware | < 5.50\(abpm.4\)c0 | 5.50\(abpm.4\)c0 |
| zyxel | emg5523-t50b_firmware | < 5.50\(absl.0\)b8 | 5.50\(absl.0\)b8 |
| zyxel | emg5723-t50k_firmware | < 5.50\(abom.5\)c0 | 5.50\(abom.5\)c0 |
| zyxel | emg6726-b10a_firmware | < 5.13\(abnp.6\).c | 5.13\(abnp.6\).c |
| zyxel | ex3510-b0_firmware | < 5.17\(abup.3\)c0 | 5.17\(abup.3\)c0 |
| zyxel | ex5510-b0_firmware | < 5.15\(abqx.3\)c0 | 5.15\(abqx.3\)c0 |
| zyxel | vmg1312-t20b_firmware | < 5.50\(absb.3\)c0 | 5.50\(absb.3\)c0 |
| zyxel | vmg3625-t50b_firmware | < 5.50\(abpm.4\)c0 | 5.50\(abpm.4\)c0 |
| zyxel | vmg3925-b10b_firmware | < 5.13\(aavf.16\)c | 5.13\(aavf.16\)c |
| zyxel | vmg3925-b10c_firmware | < 5.13\(aavf.16\)c | 5.13\(aavf.16\)c |
| zyxel | vmg3927-b50a_firmware | < 5.15\(abmt.5\)c0 | 5.15\(abmt.5\)c0 |
| zyxel | vmg3927-b50b_firmware | < 5.13\(ably.6\)c0 | 5.13\(ably.6\)c0 |
| zyxel | vmg3927-b60a_firmware | < 5.15\(abmt.5\)c0 | 5.15\(abmt.5\)c0 |
| zyxel | vmg3927-t50k_firmware | < 5.50\(abom.5\)c0 | 5.50\(abom.5\)c0 |
| zyxel | vmg4005-b50b_firmware | < 5.13\(abrl.5\)c0 | 5.13\(abrl.5\)c0 |
| zyxel | vmg4927-b50a_firmware | < 5.13\(ably.6\)c0 | 5.13\(ably.6\)c0 |
| zyxel | vmg8623-t50b_firmware | < 5.50\(abpm.4\)c0 | 5.50\(abpm.4\)c0 |
| zyxel | vmg8825-b50a_firmware | < 5.15\(abmt.5\)c0 | 5.15\(abmt.5\)c0 |
| zyxel | vmg8825-b60a_firmware | < 5.15\(abmt.5\)c0 | 5.15\(abmt.5\)c0 |
| zyxel | vmg8825-bx0b_firmware | < 5.17\(abny.5\)c0 | 5.17\(abny.5\)c0 |
| zyxel | vmg8825-t50k_firmware | < V5.50(ABOM.5)C0 | V5.50(ABOM.5)C0 |
| zyxel | vmg8825-t50k_firmware | < 5.50\(abom.5\)c0 | 5.50\(abom.5\)c0 |
| zyxel | vmg8924-b10d_firmware | < 5.13\(abgq.6\)c0 | 5.13\(abgq.6\)c0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL