Zyxel Networks has recently released essential security patches to mitigate two significant vulnerabilities identified in its USG FLEX H series firewalls. These vulnerabilities, cataloged as CVE-2025-1731 and CVE-2025-1732, could potentially allow attackers to escalate privileges and gain unauthorized access to affected devices.
Overview of the Vulnerabilities
The first vulnerability, CVE-2025-1731, is an incorrect permission assignment flaw found in the PostgreSQL commands of the USG FLEX H series uOS firmware versions ranging from V1.20 to V1.31. This critical issue has been assigned a CVSS base score of 7.8, indicating a high severity level. It enables an authenticated local attacker with limited privileges to access the Linux shell and escalate their privileges to an administrator level. The exploitation of this vulnerability is particularly concerning as it allows attackers to craft malicious scripts or modify system configurations through a stolen token. However, such modifications are only feasible if the administrator remains logged in and their token is still valid.
The second vulnerability, CVE-2025-1732, involves improper privilege management within the recovery function of the same firmware versions. This flaw could permit an authenticated local attacker with administrator privileges to upload a specially crafted configuration file, leading to further privilege escalation on vulnerable devices.
Discovery and Reporting
These vulnerabilities were identified by security researchers Alessandro Sgreccia from HackerHood and Marco Ivaldi from HN Security. Their findings have been instrumental in prompting Zyxel to develop and release the necessary patches to address these security issues.
Affected Systems and Patch Availability
Zyxel’s thorough investigation has determined that the USG FLEX H series is the sole product line affected by these vulnerabilities within the current support period. To remediate these issues, Zyxel has released firmware update uOS V1.32, which addresses both CVE-2025-1731 and CVE-2025-1732.
Recommendations for Users
Given the severity of these vulnerabilities, it is strongly recommended that users of the USG FLEX H series firewalls promptly install the latest firmware update. Privilege escalation vulnerabilities are often exploited in targeted attacks against enterprise environments, making timely patching crucial.
In addition to applying the patches, users should implement comprehensive defense-in-depth strategies. This includes minimizing the exposure of external management interfaces and enforcing robust authentication policies. Regular security updates are vital for network security appliances, which often serve as the first line of defense against external threats.
Background on USG FLEX H Series
The USG FLEX H series represents Zyxel’s advanced security solution, featuring next-generation multi-core hardware. These devices deliver three times the performance in firewall, VPN, and Unified Threat Management compared to previous generations. Despite their sophisticated architecture, these devices are not immune to software vulnerabilities, underscoring the importance of regular security updates and vigilant security practices.
Conclusion
The discovery and prompt patching of these vulnerabilities highlight the critical importance of maintaining up-to-date security measures in network appliances. Organizations utilizing Zyxel’s USG FLEX H series firewalls should take immediate action to apply the available patches and review their security protocols to safeguard against potential exploits.
