Thursday, June 26 2025
USG FLEX H series

Zyxel releases patches for 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws could let attackers gain unauthorized access and escalate their privileges on the devices.

On April 22, 2025, a security advisory was released outlining patches for CVE-2025-1731 and CVE-2025-1732, affecting various firmware versions of the company’s security appliances.

Zyxel USG FLEX H Series Vulnerabilities:

Security researchers found a vulnerability (CVE-2025-1731) in the PostgreSQL commands of USG FLEX H series uOS firmware versions V1.20 to V1.31 due to incorrect permission assignments.

This high-severity flaw has a CVSS score of 7.8. It may allow a low-privileged, authenticated local attacker to access the Linux shell and elevate their privileges to the administrator level.

The advisory explains that “the exploitation path is particularly concerning as it enables attackers to craft malicious scripts or modify system configurations through a stolen token.”

“However, modification of system configurations is only possible if the administrator remains logged in and their token remains valid.”

The second vulnerability, CVE-2025-1732, relates to improper privilege management in the recovery function of the same firmware versions.

This vulnerability allows an authenticated local attacker with admin privileges to upload a specially crafted configuration file, potentially escalating their privileges on affected devices.

Security researchers Alessandro Sgreccia from HackerHood and Marco Ivaldi from HN Security discovered the vulnerabilities.

Affected Systems and Patch Released:

Zyxel’s investigation found that, among products within their support period, only the USG FLEX H series is vulnerable. The company has released firmware update uOS V1.32 to fix these vulnerabilities.
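To find devices still inside the affected range (uOS V1.20 to V1.31, fixed in V1.32), the following added example triages a firmware inventory; it is not code from Zyxel or from the advisory. The CSV layout, hostnames and sample versions are constructed, and the version-string format ("V<major>.<minor>" with an optional trailing suffix) is an assumption.

```python
import csv
import io
import re

# Range stated in the article: uOS V1.20 through V1.31 affected, V1.32 fixes both CVEs.
AFFECTED_MIN = (1, 20)
AFFECTED_MAX = (1, 31)
FIXED = (1, 32)

# Assumed format: "V<major>.<minor>", optionally followed by a build suffix.
_VERSION_RE = re.compile(r"^\s*[Vv]?(\d+)\.(\d+)")


def parse_uos_version(text):
    """Return (major, minor) as integers, or None if the string does not parse."""
    m = _VERSION_RE.match(text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Classify one firmware string against the affected range."""
    v = parse_uos_version(text)
    if v is None:
        return "unknown"        # unparseable data is never treated as safe
    # Compare integer tuples, not strings, so 1.10 sorts below 1.20 reliably.
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "patched"
    return "outside-range"      # older than V1.20: not covered by the stated range


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,firmware
fw-branch-01,V1.31
fw-branch-02,V1.20(sample)
fw-hq-01,V1.32
fw-lab-01,V1.10
fw-dr-01,
"""


def triage(inventory_csv):
    """Map each host in the CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as "unknown" or "outside-range" need a manual check rather than being assumed safe.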

Security experts advise prompt patching due to the frequent exploitation of privilege escalation vulnerabilities in targeted enterprise attacks.

The USG FLEX H series is Zyxel’s advanced security solution, offering three times the performance in firewall, VPN, and Unified Threat Management compared to earlier models, thanks to its next-generation multi-core hardware.

Users should promptly install the patches and adopt defense-in-depth strategies, such as reducing external management interface exposure and enforcing strong authentication policies.
