

NJRAT – Active IOCs
April 27, 2025
ICS: Multiple Siemens TeleControl Server Vulnerabilities
April 27, 2025
Severity
High
Analysis Summary
CVE-2025-3577 CVSS:4.9
A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
CVE-2025-1732 CVSS:6.7
An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
CVE-2025-1731 CVSS:7.8
An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.
Impact
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-3577
- CVE-2025-1732
- CVE-2025-1731
Affected Vendors
- Zyxel
Affected Products
- Zyxel AMG1302-T10B 2.00(AAJC.16)C0
- Zyxel USG FLEX H uOS V1.20 to V1.31
- Zyxel USG FLEX H uOS V1.31
Remediation
Refer to the Zyxel Security Advisory for patch, upgrade, or suggested workaround information.