CVE-2025-11847 — MEDIUM (4.9)

Q: How severe is CVE-2025-11847?

CVE-2025-11847 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-11847?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Lte3301-Plus Firmware, Zyxel Lte3301-Plus, Zyxel Nebula Fwa505 Firmware, Zyxel Nebula Fwa505, Zyxel Nebula Fwa510 Firmware.

Vulnerability Description

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Lte3301-Plus Firmware	< 1.00\(abqu.9\)c0
Zyxel	Lte3301-Plus	-
Zyxel	Nebula Fwa505 Firmware	< 1.60\(acko.2\)v0
Zyxel	Nebula Fwa505	-
Zyxel	Nebula Fwa510 Firmware	< 1.60\(acgd.0\)c0
Zyxel	Nebula Fwa510	-
Zyxel	Nebula Fwa515 Firmware	< 1.60\(acpz.0\)v0
Zyxel	Nebula Fwa515	-
Zyxel	Nebula Fwa710 Firmware	< 1.60\(acgc.1\)v0
Zyxel	Nebula Fwa710	-
Zyxel	Ee5301-00 Firmware	< 5.63\(acld.2.1\)c0
Zyxel	Ee5301-00	-
Zyxel	Ee3301-00 Firmware	< 5.63\(acmu.2.1\)c0
Zyxel	Ee3301-00	-
Zyxel	Dx5401-B1 Firmware	< 5.17\(abyo.7.1\)c0
Zyxel	Dx5401-B1	-
Zyxel	Dx4510-B1 Firmware	< 5.17\(abyl.10.1\)c0
Zyxel	Dx4510-B1	-
Zyxel	Dx4510-B0 Firmware	< 5.17\(abyl.10.1\)c0
Zyxel	Dx4510-B0	-

Related Weaknesses (CWE)

CWE-476

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2025-11847?

CVE-2025-11847 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL...

How severe is CVE-2025-11847?

CVE-2025-11847 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-11847?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Lte3301-Plus Firmware, Zyxel Lte3301-Plus, Zyxel Nebula Fwa505 Firmware, Zyxel Nebula Fwa505, Zyxel Nebula Fwa510 Firmware.