CVE-2025-0890
Published: 04 February 2025
Summary
CVE-2025-0890 is a critical-severity Improper Authentication (CWE-287) vulnerability in Zyxel Vmg4325-B10A Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks in the top 4.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2025-0890 is an insecure default credentials vulnerability affecting the Telnet management interface on the legacy Zyxel VMG4325-B10A DSL CPE running firmware version 1.00(AAFR.4)C0_20170615. The device ships with fixed credentials that remain usable if administrators do not explicitly replace them, and the product has been designated unsupported. The flaw is tracked under CWE-287 and CWE-522 and carries a CVSS 3.1 score of 9.8.
An unauthenticated attacker with network access to the Telnet port can log in using the unchanged defaults and obtain full control of the management interface, resulting in complete confidentiality, integrity, and availability impact on the affected CPE.
The referenced Zyxel advisory notes that the device is no longer supported and therefore receives no firmware update; it recommends that owners either change the credentials immediately if the option remains available or replace the hardware with a currently supported model. The associated EPSS score has reached a peak of 0.2379, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1913
Vulnerability details
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directly enables use of Default Accounts (T1078.001) for unauthorized access over an External Remote Service (T1133), here the Telnet management interface.
Mitigating Controls (NIST 800-53 r5)
- Directly requires management of authenticators, including changing insecure default credentials, to prevent unauthorized login to the Telnet management interface.
- Mandates account management processes to disable unnecessary accounts or change default credentials associated with the vulnerable Telnet function.
- Enforces secure configuration settings that prohibit insecure default credentials for management interfaces such as Telnet in the affected firmware.