CVE-2025-6265

{"id": "CVE-2025-6265", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-07-15T02:15:28.080", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-path-traversal-vulnerability-in-aps-07-15-2025", "source": "security@zyxel.com.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad de path traversal en el programa CGI file_upload-cgi del firmware Zyxel NWA50AX PRO versi\u00f3n 7.10 (ACGE.2) y anteriores podr\u00eda permitir que un atacante autenticado con privilegios de administrador acceda a directorios espec\u00edficos y elimine archivos, como el archivo de configuraci\u00f3n, en el dispositivo afectado."}], "lastModified": "2025-07-15T13:14:24.053", "sourceIdentifier": "security@zyxel.com.tw"}