CVE-2025-0890
Published: 04 February 2025
Summary
CVE-2025-0890 is a critical-severity Improper Authentication (CWE-287) vulnerability in Zyxel VMG4325-B10A firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE is ranked in the top 4.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires management of authenticators including changing insecure default credentials to prevent unauthorized login to the Telnet management interface.
Mandates account management processes to disable unnecessary accounts or change default credentials associated with the vulnerable Telnet function.
Enforces secure configuration settings that prohibit insecure default credentials for management interfaces like Telnet in the affected firmware.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directly enables use of default accounts (T1078.001) for unauthorized access via external remote service (Telnet management interface, T1133).
NVD Description
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
Deeper analysis
CVE-2025-0890 involves insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615. This vulnerability, marked as unsupported when assigned and associated with CWE-287 (Improper Authentication) and CWE-522 (Insufficiently Protected Credentials), enables an attacker to log in to the management interface if administrators have the option to change the default credentials but fail to do so. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact network-based exploitation.
Any remote attacker with network access to the affected device can exploit this vulnerability with low complexity, requiring no privileges, authentication, or user interaction. Successful exploitation allows login to the management interface using the default credentials, granting high levels of confidentiality, integrity, and availability compromise, such as unauthorized control over the device.
Zyxel has issued a security advisory covering this insecure default credentials issue, along with command injection vulnerabilities, in certain legacy DSL CPE devices, available at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025.
Details
- CWE(s)