October 21, 2025
Severity
High
Analysis Summary
CVE-2025-8078 CVSS:7.2
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
CVE-2025-9133 CVSS:8.1
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-8078
CVE-2025-9133
Affected Vendors
- Zyxel
Affected Products
- Zyxel ATP ZLD V4.32 to V5.40
- Zyxel USG FLEX ZLD V4.50 to V5.40
- Zyxel USG FLEX 50(W)/USG20(W)-VPN ZLD V4.16 to V5.40
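The following is an added example, not code from Zyxel or from this advisory: an inventory triage check that flags devices whose model and firmware fall inside the ranges listed above. It assumes firmware strings of the form `V5.38(ABFU.0)` and compares only the major and minor version; the hostnames, models and build suffixes in the sample inventory are constructed.

```python
import re

# Affected ranges as listed in this advisory, inclusive at both ends.
# Narrower model rules come first so "USG FLEX 50W" is not caught by "USG FLEX".
AFFECTED = [
    (re.compile(r"^USG FLEX 50W?$"), (4, 16), (5, 40)),
    (re.compile(r"^USG20W?-VPN$"), (4, 16), (5, 40)),
    (re.compile(r"^USG FLEX\b"), (4, 50), (5, 40)),
    (re.compile(r"^ATP"), (4, 32), (5, 40)),
]

def parse_version(firmware):
    """Extract (major, minor) from a string such as 'V5.38(ABFU.0)' (assumed format)."""
    m = re.search(r"V?(\d+)\.(\d+)", firmware, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware string: {firmware!r}")
    return int(m.group(1)), int(m.group(2))

def is_affected(model, firmware):
    name = " ".join(model.upper().split())  # normalise case and spacing
    version = parse_version(firmware)
    for pattern, low, high in AFFECTED:
        if pattern.search(name):
            return low <= version <= high
    return False  # model family not listed in the advisory

def triage(inventory):
    """Split (host, model, firmware) rows into affected hosts and hosts needing manual review."""
    result = {"affected": [], "review": []}
    for host, model, firmware in inventory:
        try:
            if is_affected(model, firmware):
                result["affected"].append(host)
        except ValueError:
            result["review"].append(host)  # version unknown: check by hand
    return result

# Constructed sample inventory; hostnames and build suffixes are made up.
SAMPLE_INVENTORY = [
    ("fw-hq", "ATP500", "V5.38(ABFU.0)"),
    ("fw-branch1", "USG FLEX 200", "V4.35(ABUI.0)"),
    ("fw-branch2", "USG FLEX 50W", "V4.35(ABAQ.0)"),
    ("fw-lab", "USG20-VPN", "V5.41(ABAQ.0)"),
    ("fw-old", "ATP100", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Rows with an unparseable version are returned under `review` rather than treated as safe.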
Remediation
Refer to Zyxel Networks Security Advisory for patch, upgrade, or suggested workaround information.