CVE Discoveries
A comprehensive list of security vulnerabilities I've discovered and responsibly disclosed.
CVE-2025-11730
Coming Soon!
TBE
CVE-2025-9133
USG/ZyWALL Series - Authentication Bypass
A missing authorization vulnerability in Zyxel ATP series firmware versions from could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
CVE-2025-8078
USG/ZyWALL Series - Remote Code Execution via CLI Command Injection
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command.
CVE-2025-1732
Local Privilege Escalation on ZYXEL FLEX H Series
An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
CVE-2025-1731
Remote Code Execution on ZYXEL FLEX H Series
An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token.