Cyber Resilience

CVE-2025-0890

Critical

Published: 04 February 2025

Modified: 15 December 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2167 (95.9th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0890 is a critical-severity Improper Authentication (CWE-287) vulnerability in Zyxel VMG4325-B10A firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE is ranked in the top 4.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-0890 is an insecure default credentials vulnerability affecting the Telnet management interface on the legacy Zyxel VMG4325-B10A DSL CPE running firmware version 1.00(AAFR.4)C0_20170615. The device ships with fixed credentials that remain usable if administrators do not explicitly replace them, and the product has been designated unsupported. The flaw is tracked under CWE-287 and CWE-522 and carries a CVSS 3.1 score of 9.8.

An unauthenticated attacker with network access to the Telnet port can log in using the unchanged defaults and obtain full control of the management interface, resulting in complete confidentiality, integrity, and availability impact on the affected CPE.

The referenced Zyxel advisory notes that the device is no longer supported and therefore receives no firmware update; it recommends that owners either change the credentials immediately if the option remains available or replace the hardware with a currently supported model. The associated EPSS score has reached a peak of 0.2379, indicating measurable post-disclosure exploitation interest.

EU & UK References

Vulnerability details

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1133 External Remote Services Persistence
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
Why these techniques?

Directly enables use of default accounts (T1078.001) for unauthorized access via external remote service (Telnet management interface, T1133).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-40890 · Same product: Zyxel Sbg3300-N000
CVE-2024-40891 · Same product: Zyxel Sbg3300-N000
CVE-2026-1459 · Same vendor: Zyxel
CVE-2025-7673 · Same vendor: Zyxel
CVE-2025-8693 · Same vendor: Zyxel
CVE-2026-7287 · Same vendor: Zyxel
CVE-2025-13942 · Same vendor: Zyxel
CVE-2026-7256 · Same vendor: Zyxel
CVE-2025-13943 · Same vendor: Zyxel
CVE-2024-12398 · Same vendor: Zyxel

Affected Assets

zyxel · vmg4325-b10a firmware · all versions
zyxel · sbg3500-n000 firmware · all versions
zyxel · vmg1312-b10a firmware · all versions
zyxel · vmg1312-b10b firmware · all versions
zyxel · vmg1312-b10e firmware · all versions
zyxel · vmg3312-b10a firmware · all versions
zyxel · vmg3313-b10a firmware · all versions
zyxel · vmg3926-b10b firmware · all versions
zyxel · vmg4380-b10a firmware · all versions
zyxel · vmg8324-b10a firmware · all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires management of authenticators including changing insecure default credentials to prevent unauthorized login to the Telnet management interface.

prevent: Mandates account management processes to disable unnecessary accounts or change default credentials associated with the vulnerable Telnet function.

prevent: Enforces secure configuration settings that prohibit insecure default credentials for management interfaces like Telnet in the affected firmware.

References