CVE-2025-8078 — OS Command Injection in Zyxel ZLD

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 71.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel ZLD Zyxel ATP Series Firmware Zyxel Usg20 VPN Series Firmware +2 more

Timeline

PublishedOct 21

Latest updateDec 2

Description

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI comm…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5zyxel/usg_flex_series_firmwareversion from V4.50 through V5.40

▶CVEListV5zyxel/usg_flex_50_series_firmwareversions from V4.16 through V5.40

▶CVEListV5zyxel/usg20_vpn_series_firmwareversions from V4.16 through V5.40

▶CVEListV5zyxel/atp_series_firmwareversions from V4.32 through V5.40

▶NVDzyxel/zld4.32 — 5.41+2

🔴Vulnerability Details

CVEList

CVE-2025-8078: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4↗2025-10-21

▶

GHSA

GHSA-fr9h-qfx7-p4r3: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4↗2025-10-21

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Zyxel ATP Authenticated Remote Code Execution (CVE-2025-8078)↗2025-12-02

▶