Zyxel has released critical security updates for its USG FLEX H series firewalls, addressing two vulnerabilities, tracked as CVE-2025-1731 and CVE-2025-1732, that allow attackers to escalate privileges on affected systems.

Vulnerability Details

CVE-2025-1732 pertains to improper privilege management within the firmware’s recovery function. This vulnerability could allow a local attacker with administrative access to upload a malicious configuration file, further escalating privileges on the device.

CVE-2025-1731 is an incorrect permission assignment flaw in PostgreSQL commands found in certain versions of the uOS firmware. According to Zyxel's advisory, an authenticated local attacker with limited privileges could exploit this issue to gain shell access and escalate privileges. The attacker would need a valid, active administrator session, using a stolen token to make unauthorized system changes.

Zyxel confirms that only USG FLEX H series devices running firmware uOS V1.20 through V1.31 are vulnerable.

Mitigation

Users are strongly encouraged to upgrade to uOS V1.32 as soon as possible. Zyxel extended its gratitude to security researchers Alessandro Sgreccia from HackerHood and Marco Ivaldi from HN Security for responsibly disclosing CVE-2025-1731, and to Sgreccia again for CVE-2025-1732.
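For defenders with more than a handful of firewalls, the practical follow-up to this advisory is an inventory sweep: which USG FLEX H units still run uOS V1.20 through V1.31, which are already on V1.32, and which have no reliable version record. The script below is an added example written for this article, not code from Zyxel or from the advisory; the hostnames, model numbers and version strings in the sample inventory are constructed, and the model-name pattern (a "USG FLEX" name ending in "H") is an assumption about how the series is labelled in an asset list.

```python
import re
from typing import Dict, List, Optional, Tuple

# Version boundaries exactly as stated in the Zyxel advisory.
AFFECTED_MIN = (1, 20)   # uOS V1.20, first affected release
AFFECTED_MAX = (1, 31)   # uOS V1.31, last affected release
FIXED = (1, 32)          # uOS V1.32, the patched release

# Assumption: USG FLEX H series models are listed as "USG FLEX <number>H".
_H_SERIES_RE = re.compile(r"USG FLEX\s*\d*H\b", re.IGNORECASE)
# Matches "uOS V1.31", "V1.20" or a bare "1.31".
_VERSION_RE = re.compile(r"V?(\d+)\.(\d+)", re.IGNORECASE)


def parse_uos_version(text: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from a firmware string; None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def is_h_series(model: str) -> bool:
    """True if the model name looks like a USG FLEX H series unit (see assumption above)."""
    return _H_SERIES_RE.search(model) is not None


def is_affected(model: str, version_text: str) -> bool:
    """True if the device is an H series unit on uOS V1.20 through V1.31 inclusive."""
    if not is_h_series(model):
        return False
    ver = parse_uos_version(version_text)
    return ver is not None and AFFECTED_MIN <= ver <= AFFECTED_MAX


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, model, firmware) records by exposure to CVE-2025-1731/1732."""
    buckets: Dict[str, List[str]] = {
        "affected": [],        # H series on V1.20 .. V1.31: upgrade to V1.32
        "not_affected": [],    # H series on V1.32 or later, or outside the stated range
        "not_applicable": [],  # not an H series device; this advisory does not cover it
        "unknown": [],         # H series with no parseable version: verify manually
    }
    for host, model, version_text in inventory:
        if not is_h_series(model):
            buckets["not_applicable"].append(host)
            continue
        ver = parse_uos_version(version_text)
        if ver is None:
            buckets["unknown"].append(host)
        elif AFFECTED_MIN <= ver <= AFFECTED_MAX:
            buckets["affected"].append(host)
        else:
            buckets["not_affected"].append(host)
    return buckets


# Constructed sample inventory: hostnames, models and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "USG FLEX 200H", "uOS V1.31"),
    ("fw-branch-02", "USG FLEX 100H", "uOS V1.32"),
    ("fw-branch-03", "USG FLEX 500H", "uOS V1.20"),
    ("fw-legacy-01", "USG FLEX 200", "ZLD V5.38"),
    ("fw-branch-04", "USG FLEX 700H", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is deliberate: a device whose firmware string cannot be parsed should be checked by hand rather than silently counted as safe, and the same applies to any unit whose model name does not match the assumed pattern.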

Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news

Source: hxxps[://]www[.]zyxel[.]com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025