Zyxel firewall: Attackers can steal admin tokens
Zyxel's USG FLEX H firewall series is vulnerable. Security updates provide a remedy.
Attackers can exploit two vulnerabilities in Zyxel USG FLEX H series firewalls. However, attacks are not readily possible.
Manipulated configuration files
In a warning message, the developers state that errors may occur when processing PostgreSQL commands (CVE-2025-1732 “high”). For such an attack, however, a local attacker must already be authenticated and have low-privileged user rights for the Linux shell. If this is the case, they can obtain an admin token and change configurations. Specifically, uOS versions 1.20 up to and including 1.31 are affected.
The second vulnerability (CVE-2025-1732 “medium”) enables an attacker who already has administrator rights to upload crafted configuration files. The developers state that they have closed both vulnerabilities in uOS 1.32.
Zyxel's warning message does not indicate whether attacks are already underway. It also remains unclear which indicators admins can use to recognize firewalls that have already been attacked.
(des)