Cyber Resilience

CVE-2025-7673

Critical

Published: 16 July 2025

Modified: 14 January 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0141 (81.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-7673 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Zyxel Emg3525-T50B Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A buffer overflow vulnerability exists in the URL parser of the zhttpd web server component within Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0. The flaw is tracked as CVE-2025-7673 and assigned CWE-120, with a CVSS 3.1 base score of 9.8 reflecting network attack vector, low complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the issue by sending a specially crafted HTTP request to the affected device, resulting in denial-of-service conditions or potential arbitrary code execution.

The referenced Zyxel security advisory addresses remote code execution and denial-of-service vulnerabilities in the affected CPE and identifies the patched firmware version V5.50(ABOM.5)C0 as the corrective release. The EPSS score remains low, with a current value of 0.0141 and a peak of 0.0172.

EU & UK References

Vulnerability details

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated buffer overflow in public-facing zhttpd web server directly enables T1190 exploitation for RCE or DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7287 (Same vendor: Zyxel)
CVE-2026-1459 (Same product: Zyxel Emg3525-T50B)
CVE-2025-13943 (Same product: Zyxel Emg3525-T50B)
CVE-2025-13942 (Same product: Zyxel Emg6726-B10A)
CVE-2021-47854 (Shared CWE-120)
CVE-2024-39803 (Shared CWE-120)
CVE-2024-37184 (Shared CWE-120)
CVE-2025-66647 (Shared CWE-120)
CVE-2024-39750 (Shared CWE-120)
CVE-2025-52909 (Shared CWE-120)

Affected Assets

zyxel emg3525-t50b firmware: ≤ 5.50(abpm.4)c0 · ≤ 5.50(absl.0)b8
zyxel emg5523-t50b firmware: ≤ 5.50(abpm.4)c0 · ≤ 5.50(absl.0)b8
zyxel emg5723-t50k firmware: ≤ 5.50(abom.5)c0
zyxel emg6726-b10a firmware: ≤ 5.13(abnp.6).c
zyxel ex3510-b0 firmware: ≤ 5.17(abup.3)c0
zyxel ex5510-b0 firmware: ≤ 5.15(abqx.3)c0
zyxel vmg1312-t20b firmware: ≤ 5.50(absb.3)c0
zyxel vmg3625-t50b firmware: ≤ 5.50(abpm.4)c0
zyxel vmg3925-b10b firmware: ≤ 5.13(aavf.16)c
zyxel vmg3925-b10c firmware: ≤ 5.13(aavf.16)c
+14 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely flaw remediation through application of the vendor firmware patch to eliminate the buffer overflow vulnerability.

prevent

Prevents exploitation by enforcing validation of HTTP URL inputs in the zhttpd parser to reject specially crafted requests that trigger buffer overflows.

prevent

Mitigates buffer overflow exploitation via memory protection mechanisms like stack canaries, ASLR, and DEP to block arbitrary code execution and DoS.

References