Path Traversal Vulnerability in Zyxel NWA50AX PRO Firmware
CVE-2025-6265

7.2HIGH

Key Information:

Vendor: Zyxel
Status: Nwa50ax Pro Firmware
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-6265?

A path traversal vulnerability exists in the file_upload-cgi program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier. This flaw could enable an authenticated attacker with administrator privileges to manipulate file paths, facilitating unauthorized access to sensitive directories and enabling the deletion of critical system files, including configuration files. This vulnerability underscores the importance of securing file upload functions and maintaining updated firmware to prevent exploitation.

Affected Version(s)

NWA50AX PRO firmware <= 7.10(ACGE.2)

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Jun 19, 2025