Description

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.

INFO

Published Date :

2025-04-22T01:52:04.064Z

Last Modified :

2026-02-26T18:28:09.056Z

Source :

Zyxel
AFFECTED PRODUCTS

The following products are affected by CVE-2025-1731 vulnerability.

Vendors Products
Zyxel
  • Uos
  • Usg Flex 100h
  • Usg Flex 100hp
  • Usg Flex 200h
  • Usg Flex 200hp
  • Usg Flex 500h
  • Usg Flex 50h
  • Usg Flex 50hp
  • Usg Flex 700h
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1731.

URL Resource
http://seclists.org/fulldisclosure/2025/Apr/27 cve-icon
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact