CVE-2025-7673

CRITICAL
Published Jul 16, 2025 Modified Jan 14, 2026 CWE-120

Description

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-120 CWE-120

Affected Products

Vendor Product
zyxel emg3525-t50b_firmware
zyxel emg3525-t50b
zyxel emg3525-t50b_firmware
zyxel emg3525-t50b
zyxel emg5523-t50b_firmware
zyxel emg5523-t50b
zyxel emg5523-t50b_firmware
zyxel emg5523-t50b
zyxel emg5723-t50k_firmware
zyxel emg5723-t50k
zyxel emg6726-b10a_firmware
zyxel emg6726-b10a
zyxel ex3510-b0_firmware
zyxel ex3510-b0
zyxel ex5510-b0_firmware
zyxel ex5510-b0
zyxel vmg1312-t20b_firmware
zyxel vmg1312-t20b
zyxel vmg3625-t50b_firmware
zyxel vmg3625-t50b
zyxel vmg3925-b10b_firmware
zyxel vmg3925-b10b
zyxel vmg3925-b10c_firmware
zyxel vmg3925-b10c
zyxel vmg3927-b50a_firmware
zyxel vmg3927-b50a
zyxel vmg3927-b60a_firmware
zyxel vmg3927-b60a
zyxel vmg3927-b50b_firmware
zyxel vmg3927-b50b
zyxel vmg3927-t50k_firmware
zyxel vmg3927-t50k
zyxel vmg4005-b50b_firmware
zyxel vmg4005-b50b
zyxel vmg4927-b50a_firmware
zyxel vmg4927-b50a
zyxel vmg8623-t50b_firmware
zyxel vmg8623-t50b
zyxel vmg8825-b50a_firmware
zyxel vmg8825-b50a
zyxel vmg8825-b60a_firmware
zyxel vmg8825-b60a
zyxel vmg8825-bx0b_firmware
zyxel vmg8825-bx0b
zyxel vmg8825-t50k_firmware
zyxel vmg8825-t50k
zyxel vmg8924-b10d_firmware
zyxel vmg8924-b10d
zyxel xmg3927-b50a_firmware
zyxel xmg3927-b50a
zyxel xmg8825-b50a_firmware
zyxel xmg8825-b50a

References

Frequently Asked Questions

What is CVE-2025-7673? +
A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2025-7673? +
CVE-2025-7673 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-7673? +
CVE-2025-7673 affects products from zyxel, specifically: emg3525-t50b, emg3525-t50b_firmware, emg5523-t50b, emg5523-t50b_firmware, emg5723-t50k, emg5723-t50k_firmware, emg6726-b10a, emg6726-b10a_firmware, ex3510-b0, ex3510-b0_firmware, ex5510-b0, ex5510-b0_firmware, vmg1312-t20b, vmg1312-t20b_firmware, vmg3625-t50b, vmg3625-t50b_firmware, vmg3925-b10b, vmg3925-b10b_firmware, vmg3925-b10c, vmg3925-b10c_firmware, vmg3927-b50a, vmg3927-b50a_firmware, vmg3927-b50b, vmg3927-b50b_firmware, vmg3927-b60a, vmg3927-b60a_firmware, vmg3927-t50k, vmg3927-t50k_firmware, vmg4005-b50b, vmg4005-b50b_firmware, vmg4927-b50a, vmg4927-b50a_firmware, vmg8623-t50b, vmg8623-t50b_firmware, vmg8825-b50a, vmg8825-b50a_firmware, vmg8825-b60a, vmg8825-b60a_firmware, vmg8825-bx0b, vmg8825-bx0b_firmware, vmg8825-t50k, vmg8825-t50k_firmware, vmg8924-b10d, vmg8924-b10d_firmware, xmg3927-b50a, xmg3927-b50a_firmware, xmg8825-b50a, xmg8825-b50a_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-7673? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-7673 — free, no signup required.

Start Free Scan