
Zyxel Vulnerabilities Affecting Small Businesses

Zyxel firewall and VPN vulnerabilities — frequently cited in CISA KEV for active exploitation.

Total CVEs: 7 · Critical: 0 · High risk: 0 · CISA KEV: 0
Last updated: April 21, 2026 · Data: NVD · CISA KEV · EPSS
CVE-2025-7673 (medium)

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

SMB score: 29 · CVSS 9.8 · EPSS 0.4%
CVE-2024-11253 (medium)

A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

SMB score: 27 · CVSS 7.2 · EPSS 0.3%
CVE-2024-12010 (medium)

A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

SMB score: 27 · CVSS 7.2 · EPSS 0.3%
CVE-2024-12009 (medium)

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

SMB score: 27 · CVSS 7.2 · EPSS 0.3%
CVE-2025-8693 (medium)

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

SMB score: 26 · CVSS 8.8 · EPSS 0.2%
CVE-2025-6265 (medium)

A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.

SMB score: 24 · CVSS 7.2 · EPSS 0.1%
CVE-2025-6599 (medium)

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris-style denial-of-service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

SMB score: 23 · CVSS 5.3 · EPSS 0.1%