Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls

Apr 23, 2025 - 10:59

Zyxel Networks has released critical security patches to address two high-severity vulnerabilities in its USG FLEX H series firewalls that could potentially allow attackers to escalate privileges and gain unauthorized access to affected devices. 

The security advisory, published on April 22, 2025, details the patches for CVE-2025-1731 and CVE-2025-1732, which impact multiple firmware versions of the company’s enterprise-grade security appliances.

Zyxel USG FLEX H Series Vulnerabilities

Security researchers identified an incorrect permission assignment vulnerability (CVE-2025-1731) in the PostgreSQL commands of USG FLEX H series uOS firmware versions V1.20 through V1.31. 

This flaw received a CVSS base score of 7.8, indicating its significant security impact. The vulnerability potentially allows an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges to the administrator level.

The advisory explains that “the exploitation path is particularly concerning as it enables attackers to craft malicious scripts or modify system configurations through a stolen token.”

“However, modification of system configurations is only possible if the administrator remains logged in and their token remains valid.”

The second vulnerability, CVE-2025-1732, involves improper privilege management in the recovery function of the same firmware versions.

This vulnerability could enable an authenticated local attacker with administrator privileges to upload a specially crafted configuration file and further escalate privileges on vulnerable devices.

The vulnerabilities were discovered by security researchers Alessandro Sgreccia from HackerHood and Marco Ivaldi from HN Security.

| CVEs | Affected Products | Impact | Exploit Prerequisites | CVSS 3.1 Score |
| --- | --- | --- | --- | --- |
| CVE-2025-1731 | Zyxel USG FLEX H series firewalls, uOS V1.20 to V1.31 | Local privilege escalation | Attacker must have authenticated local access with low privileges; administrator must not have logged out | 7.8 (High) |
| CVE-2025-1732 | Zyxel USG FLEX H series firewalls, uOS V1.20 to V1.31 | Privilege escalation | Attackers must have authenticated local access with administrator privileges | 6.7 (Medium) |

Affected Systems and Patch Released

Zyxel’s investigation identified the USG FLEX H series as the only vulnerable product line within the current support period. The company has released firmware update uOS V1.32 to address both vulnerabilities.

Security experts recommend immediate patching, as privilege escalation vulnerabilities are frequently exploited in targeted attacks against enterprise environments.

The USG FLEX H series, launched as Zyxel’s advanced security solution, features next-generation multi-core hardware and delivers three times the firewall, VPN, and Unified Threat Management performance compared to previous generations. 

Despite their sophisticated architecture, these devices remain susceptible to software vulnerabilities requiring regular security updates.

Users are strongly advised to install the patches immediately and implement defense-in-depth strategies, including minimizing external management interface exposure and enforcing strong authentication policies.

The discovery underscores the critical importance of regular security updates for network security appliances, which often serve as the first line of defense against external threats.

The post Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls appeared first on Cyber Security News.