- Description
- A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
- Source
- security@zyxel.com.tw
- NVD status
- Analyzed
- Products
- zld
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- security@zyxel.com.tw
- CWE-862
- Hype score
- Not currently trending
CVE-2025-9133: Configuration Exposure via Authorization Bypass #CVE20259133 #ZyxelVulnerability #AuthBypass #ConfigExposure #CommandInjection https://t.co/IiCbNOzijv
@reverseame
13 Feb 2026
497 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en productos Zyxel ❗CVE-2025-9133 ❗CVE-2025-8078 ➡️Más info: https://t.co/ZqVuXQlrPi https://t.co/eJP4nLTaRO
@CERTpy
27 Oct 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9133 (CVSS:8.1, HIGH) is Awaiting Analysis. A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series fi..https://t.co/s4RljbCDTP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
26 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🇹🇼 🚨 URGENT: Zyxel ATP/USG authorization-bypass (CVE-2025-9133) permits unauthorized viewing/downloading of system configs despite 2FA. Affects firmware ≤ V5.40(ABPS.0). Severity 8.2. #Cybersecurity #Zyxel https://t.co/wvm6iWx8Rw
@STRATINT_AI
21 Oct 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9133: ZYXEL Configuration Exposure via Authorization Bypass https://t.co/dE1unWepc7 https://t.co/IxfmH812vV
@secharvesterx
21 Oct 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zyxel ATP & USG FLEX Firewalls: CVE-2025-9133 A missing authorization flaw lets attackers gain admin access to these firewalls. Patch ASAP to secure your perimeter. For more details, read ZeroPath's blog on this vuln. #AppSec #NetworkSecurity #InfoSec https://t.co/2jxZRS
@ZeroPathLabs
21 Oct 2025
85 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9133 pertains to a **missing authorization vulnerability** in specific Zyxel network device firmware versions. The flaw allows a **semi-authenticated attacker**—someone who has completed only the first stage of two-factor authentication (2FA)—to **view and download t
@CveTodo
21 Oct 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-9133 A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FL… https://t.co/jp5QJGpj4M
@CVEnew
21 Oct 2025
485 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A48C1EF-AAAE-49F7-874E-A87745096960",
"versionEndExcluding": "5.41",
"versionStartIncluding": "4.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D553EB25-CB12-4245-B522-3D4B75D5F221",
"versionEndExcluding": "5.41",
"versionStartIncluding": "4.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84936549-57C8-4F5C-9DA3-829A2290BB75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1822AD84-E658-48E7-A105-EEE6B3A2F914",
"versionEndExcluding": "5.41",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D304892-0F94-484E-966F-326AFEDCE072",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]