heise PlusAbo
Anzeige

Security Update: Unauthorized Access to Zyxel Firewalls Possible

Attackers can target certain Zyxel firewalls. However, attacks are not straightforward.

listen Print view
Stylized image with reddish circuit traces, an open lock in the foreground, and the words Data Leak, Security, Exploit found

(Image: Black_Kira/Shutterstock.com)

1 min. read
Security
By

The ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN firewall series are vulnerable. Attackers can exploit two security vulnerabilities. To secure instances, administrators should install the available security update.

Both vulnerabilities (CVE-2025-8078, CVE-2025-9133) are classified as "high" threat level. In the first case, attackers must already have administrator privileges to execute their own commands at the system level. However, in this position, the door is already wide open for them.

In the second case, attackers must have completed the first step of the two-factor authentication setup. If this is the case, they can view and download system configurations.

Videos by heise

Protecting Instances

Even though there are no reports of attacks so far, administrators should install the security update ZDL V5.41 promptly. In a security advisory, the developers state that ZDL versions V4.32 up to and including V5.40 are affected by the security vulnerabilities.

Most recently, the developers released security updates for firewalls in April of this year.

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten