CVE-2025-6265

HIGH
Published Jul 15, 2025 Modified Jan 14, 2026 CWE-22

Description

A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.

Is your site exposed to CVE-2025-6265?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-22 Path Traversal

Affected Products

Vendor Product
zyxel nwa50ax_firmware
zyxel nwa50ax
zyxel nwa50ax_pro_firmware
zyxel nwa50ax_pro
zyxel nwa55axe_firmware
zyxel nwa55axe
zyxel nwa90ax_firmware
zyxel nwa90ax
zyxel nwa90ax_pro_firmware
zyxel nwa90ax_pro
zyxel nwa110ax_firmware
zyxel nwa110ax
zyxel nwa130be_firmware
zyxel nwa130be
zyxel nwa210ax_firmware
zyxel nwa210ax
zyxel nwa220ax-6e_firmware
zyxel nwa220ax-6e
zyxel nwa1123ac_pro_firmware
zyxel nwa1123ac_pro
zyxel wac500h_firmware
zyxel wac500h
zyxel wac5302d-sv2_firmware
zyxel wac5302d-sv2
zyxel wac6103d-i_firmware
zyxel wac6103d-i
zyxel wax300h_firmware
zyxel wax300h
zyxel wax510d_firmware
zyxel wax510d
zyxel wax610d_firmware
zyxel wax610d
zyxel wax620d-6e_firmware
zyxel wax620d-6e
zyxel wax630s_firmware
zyxel wax630s
zyxel wax640s-6e_firmware
zyxel wax640s-6e
zyxel wax650s_firmware
zyxel wax650s
zyxel wax655e_firmware
zyxel wax655e
zyxel wbe530_firmware
zyxel wbe530
zyxel wbe660s_firmware
zyxel wbe660s

References

Frequently Asked Questions

What is CVE-2025-6265? +
A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device. It has a CVSS v3.1 base score of 7.2 (HIGH).
How severe is CVE-2025-6265? +
CVE-2025-6265 has a CVSS v3.1 score of 7.2 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-6265? +
CVE-2025-6265 affects products from zyxel, specifically: nwa110ax, nwa110ax_firmware, nwa1123ac_pro, nwa1123ac_pro_firmware, nwa130be, nwa130be_firmware, nwa210ax, nwa210ax_firmware, nwa220ax-6e, nwa220ax-6e_firmware, nwa50ax, nwa50ax_firmware, nwa50ax_pro, nwa50ax_pro_firmware, nwa55axe, nwa55axe_firmware, nwa90ax, nwa90ax_firmware, nwa90ax_pro, nwa90ax_pro_firmware, wac500h, wac500h_firmware, wac5302d-sv2, wac5302d-sv2_firmware, wac6103d-i, wac6103d-i_firmware, wax300h, wax300h_firmware, wax510d, wax510d_firmware, wax610d, wax610d_firmware, wax620d-6e, wax620d-6e_firmware, wax630s, wax630s_firmware, wax640s-6e, wax640s-6e_firmware, wax650s, wax650s_firmware, wax655e, wax655e_firmware, wbe530, wbe530_firmware, wbe660s, wbe660s_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-6265? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-6265 — free, no signup required.