TIRESIS/Forecast/CVE-2025-7673

MEDIUM RISK

CVE-2025-7673

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a spec…

SMB Attack Probability Score

29/100medium

Weighted: EPSS · CISA KEV · SMB stack prevalence · exploit maturity · CVSS vector

CVSS v3

9.8

EPSS (30d)

0.40%

SMB Exposure

54.8/100

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

🔓

SMB Impact

How this vulnerability affects a real small business

1

How this breaks an SMB

Firewall or VPN compromise gives attackers full internal network access — no further credentials needed. All connected systems are immediately at risk.

2

Typical real-world scenario

Automated scanner identifies the exposed appliance. Within hours, lateral movement begins: file servers, domain controller, and backup systems are reached.

3

Estimated downtime & cost

Est. downtime

3–7 days

Business cost range

€15K–€80K

4

What IT should check this week

Is this appliance directly internet-facing?

Is firmware/OS version patched to latest?

Are admin consoles accessible without MFA?

Is network segmentation between IT and OT/servers active?

Scenarios are generated based on software category and CVE characteristics. Cost ranges reflect SMB incidents in TIRESIS incident database.

Threat Evolution Timeline

From disclosure to predicted exploitation — 3 events

◈ 1 predicted

📋

16 Jul 2025

Vulnerability disclosed

CVE published by NVD with CVSS 9.8 (CRITICAL)

📍

TODAY

Today

EPSS: 0.4% probability of exploitation in next 30 days. SMB Risk Score: 29/100

Forecast →

✅

29 Jun 2026◈ predicted · in 60 days

Predicted: widespread patch adoption

Low EPSS suggests limited active exploitation. Most organizations expected to patch in routine maintenance cycle.

◈ Predicted eventsare estimates based on EPSS score, exploit maturity, and historical CVE progression patterns. They are not guaranteed outcomes.

Affected Products

vmg4005-b50bemg6726-b10a firmwareemg5723-t50kemg5723-t50k firmwareemg5523-t50bvmg3927-t50k firmwarevmg8623-t50bvmg3925-b10c firmwareemg3525-t50b firmwarevmg3625-t50bvmg8825-t50k firmwarevmg8623-t50b firmwarexmg3927-b50a firmwarevmg3927-b60avmg8924-b10dxmg8825-b50a firmwarevmg8825-bx0b firmwarevmg4927-b50aex3510-b0vmg3925-b10b firmwarevmg8825-b50avmg8825-bx0bvmg3927-b50bvmg8825-t50k

Remediation & References

What to do

🌐No authentication required — restrict external access nowhigh

This vulnerability can be exploited remotely without credentials or user interaction. Until patched: block access to the affected service from the internet using firewall rules or ACLs. Only allow access from trusted IPs.

🔥Apply firewall firmware update via vendor PSIRT advisoryhigh

Firewall vulnerabilities are high-value targets — they sit at the network perimeter. Download the patched firmware from the vendor's official PSIRT page. Schedule an off-hours maintenance window to avoid business disruption during the update.

⚙️Disable management interface access from the internetmedium

The firewall management portal (web UI, SSH, API) should never be exposed directly to the internet. Restrict management access to internal IPs or a dedicated management VLAN only.

🖥Update web server to the latest stable releasemedium

Apply the patched version from the vendor's official release channel. For Apache: check httpd.apache.org/security. For Nginx: check nginx.org/en/security_advisories.html. After updating, verify the server config for any deprecated directives.

NVD Full Entry ↗Official vulnerability detail, CVSS vectors, CPE list EPSS Score ↗Exploit Prediction Scoring System — FIRST.org Mitre CVE ↗MITRE CVE Program official entry

Vendor & Exploit References

Zyxel Security Advisories ↗GitHub Advisory Search ↗Exploit-DB ↗

Scoring Methodology

SMB Attack Probability Score weights: EPSS exploit likelihood (35%), CISA KEV active exploitation (25%), SMB stack prevalence (20%), exploit maturity (10%), CVSS network vector complexity (10%). Impact scenarios are derived from software category and historical SMB incident patterns. Scores recompute daily.