Zyxel Patches Critical Access Control Bugs in USG FLEX H-Series

Zyxel Patches Critical Privilege Management Flaws in USG FLEX H Series Firewalls

Two High-Severity Vulnerabilities Discovered

Zyxel has released urgent security patches to address two critical privilege management vulnerabilities in its USG FLEX H series firewalls.

The vulnerabilities, tracked as CVE-2025-1731 and CVE-2025-1732, could allow authenticated local attackers to escalate privileges and gain unauthorized access to sensitive system functions.

Security researchers Alessandro Sgreccia from HackerHood and Marco Ivaldi from HN Security were credited for responsibly disclosing these flaws.

CVE-2025-1731: Incorrect Permission Assignment

The first vulnerability, CVE-2025-1731, arises from incorrect permission assignment in the PostgreSQL command processing of certain uOS firmware versions on the USG FLEX H series.

An attacker with low-level access who holds a valid session token (for instance, one left behind when an administrator has not logged out) can exploit these permission errors to access the device’s Linux shell.

By crafting malicious scripts or modifying system configurations, the attacker could escalate privileges, potentially gaining administrator-level access.

However, modifying system configurations is only possible if the administrator’s session remains active and the token is valid.

CVE-2025-1732: Improper Privilege Management

The second flaw, CVE-2025-1732, affects the recovery function within specific firmware versions.

An attacker with administrator credentials could upload a specially crafted configuration file, exploiting weaknesses in privilege controls to further escalate their privileges or compromise the device’s integrity.

This vulnerability underscores the importance of robust privilege management in firewall systems.

Risk Factor Table: Affected Versions and Patch Availability

Zyxel’s investigation determined that only the USG FLEX H series within the support lifecycle is susceptible to these vulnerabilities.

The company has issued patches and urges all users of affected versions to update immediately for optimal protection.

Firewall Series | Affected Versions    | Patch for CVE-2025-1731 | Patch for CVE-2025-1732
USG FLEX H      | uOS V1.20 to V1.31   | uOS V1.31               | uOS V1.32

All other Zyxel firewall products currently on the market are unaffected by these vulnerabilities.
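To turn the table above into an inventory check, here is an added example (my code, not Zyxel's or the article's) that parses uOS version strings and reports, per device, which of the two CVEs remains open and the firmware to move to; the hostnames and versions in the sample inventory are constructed.

```python
from __future__ import annotations
import re
from typing import NamedTuple, Optional

# Patch table from the advisory: exposed range and the first fixed uOS
# version for each CVE. Firmware at or above the fix is not affected.
AFFECTED_RANGE = ((1, 20), (1, 31))          # uOS V1.20 .. V1.31 inclusive
FIXED_IN = {"CVE-2025-1731": (1, 31), "CVE-2025-1732": (1, 32)}


class Exposure(NamedTuple):
    version: tuple          # (major, minor) as parsed
    vulnerable: tuple       # CVE ids still open on this firmware
    upgrade_to: Optional[str]


def parse_uos(version: str) -> tuple:
    """Parse 'uOS V1.31', 'V1.20' or '1.32' into (major, minor).
    Assumes the minor is a plain integer, as in the versions listed above."""
    m = re.fullmatch(r"\s*(?:uOS\s*)?V?(\d+)\.(\d+)(?:\.\d+)?\s*", version, re.I)
    if not m:
        raise ValueError(f"unrecognised uOS version string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def assess(version: str) -> Exposure:
    """Return the CVEs still open for one firmware version and the fix to apply."""
    v = parse_uos(version)
    lo, hi = AFFECTED_RANGE
    open_cves = tuple(cve for cve, fixed in FIXED_IN.items()
                      if lo <= v <= hi and v < fixed)
    # The newest fix among the open CVEs is the version the device must reach.
    target = max((FIXED_IN[c] for c in open_cves), default=None)
    upgrade = f"uOS V{target[0]}.{target[1]}" if target else None
    return Exposure(v, open_cves, upgrade)


def triage(inventory: dict) -> dict:
    """Map {hostname: uOS version string} onto per-device exposure."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {"fw-edge-01": "uOS V1.20", "fw-edge-02": "V1.31", "fw-lab": "uOS V1.32"}
    for host, ex in triage(sample).items():
        state = ", ".join(ex.vulnerable) or "not affected"
        tail = f" (upgrade to {ex.upgrade_to})" if ex.upgrade_to else ""
        print(f"{host}: V{ex.version[0]}.{ex.version[1]} -> {state}{tail}")
```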

User Guidance and Acknowledgments

Zyxel strongly advises customers using USG FLEX H firewalls with uOS V1.20 to V1.31 to upgrade to the latest firmware (uOS V1.32) without delay.

Regular monitoring of security advisories and prompt patching are essential to maintaining robust network defenses.

For further assistance, users are encouraged to contact their local Zyxel service representative or visit the Zyxel Community support portal.

The company extended its gratitude to the security researchers for their responsible disclosure, which enabled a swift response to these high-severity threats.

The initial advisory was published on April 22, 2025, and users are reminded to stay informed about future updates to ensure continued protection.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
