Vulnerability Description
A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Emg3525-T50B Firmware | < 5.50\(abpm.4\)c0 |
| Zyxel | Emg3525-T50B | - |
| Zyxel | Emg5523-T50B Firmware | < 5.50\(abpm.4\)c0 |
| Zyxel | Emg5523-T50B | - |
| Zyxel | Emg5723-T50K Firmware | < 5.50\(abom.5\)c0 |
| Zyxel | Emg5723-T50K | - |
| Zyxel | Emg6726-B10A Firmware | < 5.13\(abnp.6\).c |
| Zyxel | Emg6726-B10A | - |
| Zyxel | Ex3510-B0 Firmware | < 5.17\(abup.3\)c0 |
| Zyxel | Ex3510-B0 | - |
| Zyxel | Ex5510-B0 Firmware | < 5.15\(abqx.3\)c0 |
| Zyxel | Ex5510-B0 | - |
| Zyxel | Vmg1312-T20B Firmware | < 5.50\(absb.3\)c0 |
| Zyxel | Vmg1312-T20B | - |
| Zyxel | Vmg3625-T50B Firmware | < 5.50\(abpm.4\)c0 |
| Zyxel | Vmg3625-T50B | - |
| Zyxel | Vmg3925-B10B Firmware | < 5.13\(aavf.16\)c |
| Zyxel | Vmg3925-B10B | - |
| Zyxel | Vmg3925-B10C Firmware | < 5.13\(aavf.16\)c |
| Zyxel | Vmg3925-B10C | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-7673?
CVE-2025-7673 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-s...
How severe is CVE-2025-7673?
CVE-2025-7673 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-7673?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Emg3525-T50B Firmware, Zyxel Emg3525-T50B, Zyxel Emg5523-T50B Firmware, Zyxel Emg5523-T50B, Zyxel Emg5723-T50K Firmware.