Missing Authorization Vulnerability in Zyxel ATP and USG FLEX Products
CVE-2025-9133

8.1HIGH

Key Information:

Vendor: Zyxel
Status: Atp Series Firmware; Usg Flex Series Firmware; Usg Flex 50(w) Series Firmware; Usg20(w)-vpn Series Firmware
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-9133?

A missing authorization vulnerability in specific firmware versions of Zyxel ATP and USG FLEX series allows semi-authenticated attackers—those who have only partially completed two-factor authentication (2FA)—to access and download sensitive system configuration details from affected devices. This could lead to a serious compromise of device integrity and user privacy, underscoring the importance of robust authorization mechanisms in modern security products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ATP series firmware versions from V4.32 through V5.40

USG FLEX 50(W) series firmware versions from V4.16 through V5.40

USG FLEX series firmware versions from V4.50 through V5.40

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Aug 19, 2025

JSON

Zyxel

What is CVE-2025-9133?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.