CVE-2025-7673

Critical

Published: 16 July 2025

Published

16 July 2025

Modified

14 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0071 72.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7673 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Zyxel Emg3525-T50B Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly addresses the CVE by requiring timely flaw remediation through application of the vendor firmware patch to eliminate the buffer overflow vulnerability.

SI-10 Information Input Validation good match

prevent

Prevents exploitation by enforcing validation of HTTP URL inputs in the zhttpd parser to reject specially crafted requests that trigger buffer overflows.

SI-16 Memory Protection good match

prevent

Mitigates buffer overflow exploitation via memory protection mechanisms like stack canaries, ASLR, and DEP to block arbitrary code execution and DoS.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated buffer overflow in public-facing zhttpd web server directly enables T1190 exploitation for RCE or DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially…

crafted HTTP request.

Deeper analysisAI

CVE-2025-7673 is a buffer overflow vulnerability (CWE-120) in the URL parser of the zhttpd web server within Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0. This flaw, published on 2025-07-16, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity by sending a specially crafted HTTP request to the affected device. Successful exploitation could result in denial-of-service (DoS) conditions, disrupting service availability, and potentially enable arbitrary code execution, granting high confidentiality, integrity, and availability impacts.

Zyxel has published a security advisory detailing the remote code execution and denial-of-service vulnerabilities, available at https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe, which likely includes guidance on mitigation and patching to firmware version V5.50(ABOM.5)C0 or later.