CVE-2025-8693

HIGH
Published Nov 18, 2025 Modified Dec 15, 2025 CWE-78

Description

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Is your site exposed to CVE-2025-8693?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-78 OS Command Injection

Affected Products

Vendor Product
zyxel dm4200-b0_firmware
zyxel dm4200-b0
zyxel dx3300-t0_firmware
zyxel dx3300-t0
zyxel dx3300-t1_firmware
zyxel dx3300-t1
zyxel dx3301-t0_firmware
zyxel dx3301-t0
zyxel dx4510-b1_firmware
zyxel dx4510-b1
zyxel dx5401-b0_firmware
zyxel dx5401-b0
zyxel dx5401-b1_firmware
zyxel dx5401-b1
zyxel ee3301-00_firmware
zyxel ee3301-00
zyxel ee5301-00_firmware
zyxel ee5301-00
zyxel ee6510-10_firmware
zyxel ee6510-10
zyxel ex3300-t0_firmware
zyxel ex3300-t0
zyxel ex3300-t0_firmware
zyxel ex3300-t0
zyxel ex3300-t1_firmware
zyxel ex3300-t1
zyxel ex3301-t0_firmware
zyxel ex3301-t0
zyxel ex3500-t0_firmware
zyxel ex3500-t0
zyxel ex3501-t0_firmware
zyxel ex3501-t0
zyxel ex3510-b0_firmware
zyxel ex3510-b0
zyxel ex3510-b1_firmware
zyxel ex3510-b1
zyxel ex3600-t0_firmware
zyxel ex3600-t0
zyxel ex5401-b0_firmware
zyxel ex5401-b0
zyxel ex5401-b1_firmware
zyxel ex5401-b1
zyxel ex5501-b0_firmware
zyxel ex5501-b0
zyxel ex5510-b0_firmware
zyxel ex5510-b0
zyxel ex5512-t0_firmware
zyxel ex5512-t0
zyxel ex5601-t0_firmware
zyxel ex5601-t0
zyxel ex5601-t1_firmware
zyxel ex5601-t1
zyxel ex7501-b0_firmware
zyxel ex7501-b0
zyxel ex7710-b0_firmware
zyxel ex7710-b0
zyxel emg3525-t50b_firmware
zyxel emg3525-t50b
zyxel emg5523-t50b_firmware
zyxel emg5523-t50b
zyxel emg5723-t50k_firmware
zyxel emg5723-t50k
zyxel gm4100-b0_firmware
zyxel gm4100-b0
zyxel vmg3625-t50b_firmware
zyxel vmg3625-t50b
zyxel vmg3927-t50k_firmware
zyxel vmg3927-t50k
zyxel vmg4005-b50a_firmware
zyxel vmg4005-b50a
zyxel vmg4005-b60a_firmware
zyxel vmg4005-b60a
zyxel vmg4005-b50b_firmware
zyxel vmg4005-b50b
zyxel vmg8623-t50b_firmware
zyxel vmg8623-t50b
zyxel vmg8825-t50k_firmware
zyxel vmg8825-t50k
zyxel ax7501-b0_firmware
zyxel ax7501-b0
zyxel ax7501-b1_firmware
zyxel ax7501-b1
zyxel pe3301-00_firmware
zyxel pe3301-00
zyxel pe5301-01_firmware
zyxel pe5301-01
zyxel pm3100-t0_firmware
zyxel pm3100-t0
zyxel pm5100-t0_firmware
zyxel pm5100-t0
zyxel pm7500-00_firmware
zyxel pm7500-00
zyxel pm7300-t0_firmware
zyxel pm7300-t0
zyxel px3321-t1_firmware
zyxel px3321-t1
zyxel px3321-t1_firmware
zyxel px3321-t1
zyxel px5301-t0_firmware
zyxel px5301-t0
zyxel we3300-00_firmware
zyxel we3300-00
zyxel wx3100-t0_firmware
zyxel wx3100-t0
zyxel wx3401-b0_firmware
zyxel wx3401-b0
zyxel wx3401-b1_firmware
zyxel wx3401-b1
zyxel wx5600-t0_firmware
zyxel wx5600-t0
zyxel wx5610-b0_firmware
zyxel wx5610-b0

References

Frequently Asked Questions

What is CVE-2025-8693? +
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device. It has a CVSS v3.1 base score of 8.8 (HIGH).
How severe is CVE-2025-8693? +
CVE-2025-8693 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-8693? +
CVE-2025-8693 affects products from zyxel, specifically: ax7501-b0, ax7501-b0_firmware, ax7501-b1, ax7501-b1_firmware, dm4200-b0, dm4200-b0_firmware, dx3300-t0, dx3300-t0_firmware, dx3300-t1, dx3300-t1_firmware, dx3301-t0, dx3301-t0_firmware, dx4510-b1, dx4510-b1_firmware, dx5401-b0, dx5401-b0_firmware, dx5401-b1, dx5401-b1_firmware, ee3301-00, ee3301-00_firmware, ee5301-00, ee5301-00_firmware, ee6510-10, ee6510-10_firmware, emg3525-t50b, emg3525-t50b_firmware, emg5523-t50b, emg5523-t50b_firmware, emg5723-t50k, emg5723-t50k_firmware, ex3300-t0, ex3300-t0_firmware, ex3300-t1, ex3300-t1_firmware, ex3301-t0, ex3301-t0_firmware, ex3500-t0, ex3500-t0_firmware, ex3501-t0, ex3501-t0_firmware, ex3510-b0, ex3510-b0_firmware, ex3510-b1, ex3510-b1_firmware, ex3600-t0, ex3600-t0_firmware, ex5401-b0, ex5401-b0_firmware, ex5401-b1, ex5401-b1_firmware, ex5501-b0, ex5501-b0_firmware, ex5510-b0, ex5510-b0_firmware, ex5512-t0, ex5512-t0_firmware, ex5601-t0, ex5601-t0_firmware, ex5601-t1, ex5601-t1_firmware, ex7501-b0, ex7501-b0_firmware, ex7710-b0, ex7710-b0_firmware, gm4100-b0, gm4100-b0_firmware, pe3301-00, pe3301-00_firmware, pe5301-01, pe5301-01_firmware, pm3100-t0, pm3100-t0_firmware, pm5100-t0, pm5100-t0_firmware, pm7300-t0, pm7300-t0_firmware, pm7500-00, pm7500-00_firmware, px3321-t1, px3321-t1_firmware, px5301-t0, px5301-t0_firmware, vmg3625-t50b, vmg3625-t50b_firmware, vmg3927-t50k, vmg3927-t50k_firmware, vmg4005-b50a, vmg4005-b50a_firmware, vmg4005-b50b, vmg4005-b50b_firmware, vmg4005-b60a, vmg4005-b60a_firmware, vmg8623-t50b, vmg8623-t50b_firmware, vmg8825-t50k, vmg8825-t50k_firmware, we3300-00, we3300-00_firmware, wx3100-t0, wx3100-t0_firmware, wx3401-b0, wx3401-b0_firmware, wx3401-b1, wx3401-b1_firmware, wx5600-t0, wx5600-t0_firmware, wx5610-b0, wx5610-b0_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-8693? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-8693 — free, no signup required.