- Description
- A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
- Source
- security@zyxel.com.tw
- NVD status
- Analyzed
- Products
- zld
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@zyxel.com.tw
- CWE-78
- Hype score
- Not currently trending
CVE-2025-8078: Remote Code Execution via CLI Command Injection #CVE20258078 #RemoteCodeExecution #CommandInjection #ZYXEL #Exploit https://t.co/12FNhKvxuq
@reverseame
18 Feb 2026
732 Impressions
2 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
18 new OPEN, 41 new PRO (18 + 23) Cacti (CVE-2025-66399), D-Link (CVE-2025-9769), FLIR (CVE-2025-5127), Oracle (CVE-2025-61757), TA451, TA453, Tenda (CVE-2025-9813), Western Digital (CVE-2016-10108, CVE-2016-10107), Zyxel (CVE-2025-8078) and more https://t.co/QpfhWo6NvF https://
@ET_Labs
2 Dec 2025
336 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en productos Zyxel ❗CVE-2025-9133 ❗CVE-2025-8078 ➡️Más info: https://t.co/ZqVuXQlrPi https://t.co/eJP4nLTaRO
@CERTpy
27 Oct 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8078 (CVSS:7.2, HIGH) is Awaiting Analysis. A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, US..https://t.co/XuQXB2nXaE #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
26 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8078: ZYXEL Remote Code Execution via CLI Command Injection https://t.co/SG7bRlGDaA https://t.co/ACvTxPbP4b
@secharvesterx
21 Oct 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8078: ZYXEL Remote Code Execution via CLI Command Injection https://t.co/6eGAPg9Got
@_r_netsec
21 Oct 2025
1526 Impressions
5 Retweets
13 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-8078 Command Injection in Zyxel ATP, USG FLEX, and USG20(W)-VPN Firmware Versions https://t.co/u1LNKylvXA
@VulmonFeeds
21 Oct 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8078 A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 throu… https://t.co/NUwcywnSBb
@CVEnew
21 Oct 2025
489 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A48C1EF-AAAE-49F7-874E-A87745096960",
"versionEndExcluding": "5.41",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553EB25-CB12-4245-B522-3D4B75D5F221",
"versionEndExcluding": "5.41",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84936549-57C8-4F5C-9DA3-829A2290BB75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1822AD84-E658-48E7-A105-EEE6B3A2F914",
"versionEndExcluding": "5.41",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D304892-0F94-484E-966F-326AFEDCE072",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]