CVE-2025-7673
Published: 16 July 2025
Summary
CVE-2025-7673 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Zyxel Emg3525-T50B Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A buffer overflow vulnerability exists in the URL parser of the zhttpd web server component within Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0. The flaw is tracked as CVE-2025-7673 and assigned CWE-120, with a CVSS 3.1 base score of 9.8 reflecting network attack vector, low complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can exploit the issue by sending a specially crafted HTTP request to the affected device, resulting in denial-of-service conditions or potential arbitrary code execution.
The referenced Zyxel security advisory addresses remote code execution and denial-of-service vulnerabilities in the affected CPE and identifies the patched firmware version V5.50(ABOM.5)C0 as the corrective release. The EPSS score remains low, with a current value of 0.0141 and a peak of 0.0172.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21579
Vulnerability details
A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially…
more
crafted HTTP request.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated buffer overflow in public-facing zhttpd web server directly enables T1190 exploitation for RCE or DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the CVE by requiring timely flaw remediation through application of the vendor firmware patch to eliminate the buffer overflow vulnerability.
Prevents exploitation by enforcing validation of HTTP URL inputs in the zhttpd parser to reject specially crafted requests that trigger buffer overflows.
Mitigates buffer overflow exploitation via memory protection mechanisms like stack canaries, ASLR, and DEP to block arbitrary code execution and DoS.