Vulnerability Description
A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Nwa50Ax Firmware | <= 7.10\(abyw.1\) |
| Zyxel | Nwa50Ax | - |
| Zyxel | Nwa50Ax Pro Firmware | <= 7.10\(acge.2\) |
| Zyxel | Nwa50Ax Pro | - |
| Zyxel | Nwa55Axe Firmware | <= 7.10\(abzl.1\) |
| Zyxel | Nwa55Axe | - |
| Zyxel | Nwa90Ax Firmware | <= 7.10\(accv.1\) |
| Zyxel | Nwa90Ax | - |
| Zyxel | Nwa90Ax Pro Firmware | <= 7.10\(acgf.2\) |
| Zyxel | Nwa90Ax Pro | - |
| Zyxel | Nwa110Ax Firmware | <= 7.10\(abtg.1\) |
| Zyxel | Nwa110Ax | - |
| Zyxel | Nwa130Be Firmware | <= 7.10\(acil.2\) |
| Zyxel | Nwa130Be | - |
| Zyxel | Nwa210Ax Firmware | <= 7.10\(abtd.1\) |
| Zyxel | Nwa210Ax | - |
| Zyxel | Nwa220Ax-6E Firmware | <= 7.10\(acco.1\) |
| Zyxel | Nwa220Ax-6E | - |
| Zyxel | Nwa1123Ac Pro Firmware | <= 6.28\(abhd.3\) |
| Zyxel | Nwa1123Ac Pro | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-6265?
CVE-2025-6265 is a vulnerability with a CVSS score of 7.2 (HIGH). A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to ...
How severe is CVE-2025-6265?
CVE-2025-6265 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6265?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Nwa50Ax Firmware, Zyxel Nwa50Ax, Zyxel Nwa50Ax Pro Firmware, Zyxel Nwa50Ax Pro, Zyxel Nwa55Axe Firmware.