- Last update: 22/07/2025
- Affected software:
→ Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0
- Type: DoS and potentially Remote Code Execution
- CVE/CVSS
→ CVE-2025-7673: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
A newly discovered buffer overflow vulnerability in the URL parser of the Zyxel VMG8825-T50K web server allows unauthenticated attackers to crash the device or potentially execute remote code by sending crafted HTTP requests.
The VMG8825-T50K is a dual-band VDSL2 Gigabit gateway widely used by ISPs for delivering high speed internet, VoIP, and IPTV services across homes and enterprises.
If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical businesses.
A critical security vulnerability, CVE-2025-7673, has been identified in the zhttpd web server of multiple Zyxel CPE models. This flaw arises from a buffer overflow in the URL parser that may allow unauthenticated attackers to cause a denial-of-service (DoS) condition or remotely execute arbitrary code.
In affected models, exploitation is possible by sending a specially crafted HTTP request to the device, requiring no prior authentication. Successful exploitation could allow attackers to crash the system or gain control, depending on the target configuration and firmware.
Zyxel has confirmed the vulnerability impacts a wide range of models including the VMG8825-T50K, a dual-band VDSL2 Gigabit gateway commonly deployed by ISPs for triple-play services such as broadband, VoIP, and IPTV. Firmware updates addressing this issue have been released, and users are strongly urged to apply the patches immediately. ISP-customized models may require contacting Zyxel support for tailored firmware updates.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
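To decide which devices need the update, an inventory of firmware strings can be compared against the fixed release named above. The following is an added example, not code from the CCB or Zyxel. It assumes the version layout `V<major>.<minor>(<model code>.<patch>)<C|b><build>`, that the parenthesised code identifies the firmware line, and that a `b` build precedes the `C` build of the same patch level; the hostnames and inventory values are constructed.

```python
import re
from typing import NamedTuple, Optional

# Fixed release for the VMG8825-T50K, taken from the advisory.
FIXED_RELEASE = "V5.50(ABOM.5)C0"

# Assumed layout: V<major>.<minor>(<model code>.<patch>)<C|b><build>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z0-9]+)\.(\d+)\)([Cb])(\d+)$")


class Firmware(NamedTuple):
    major: int
    minor: int
    model_code: str
    patch: int
    stage: str  # "C" = release build, "b" = beta build (assumed meaning)
    build: int

    def sort_key(self):
        # Assumption: a beta of a patch level sorts before its release build.
        return (self.major, self.minor, self.patch, self.stage == "C", self.build)


def parse_firmware(text: str) -> Optional[Firmware]:
    m = FW_RE.match(text.strip())
    if not m:
        return None
    major, minor, code, patch, stage, build = m.groups()
    return Firmware(int(major), int(minor), code, int(patch), stage, int(build))


def triage(version: str, fixed: str = FIXED_RELEASE) -> str:
    fw, ref = parse_firmware(version), parse_firmware(fixed)
    if fw is None:
        return "unknown"       # unparseable (e.g. ISP-customized): review by hand
    if fw.model_code != ref.model_code:
        return "other-model"   # fixed version for that model is not on this page
    return "vulnerable" if fw.sort_key() < ref.sort_key() else "patched"


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "cpe-01": "V5.50(ABOM.4)C0", "cpe-02": "V5.50(ABOM.5)C0",
    "cpe-03": "V5.13(ABOM.9)C0", "cpe-04": "V5.50(ABOM.5)b2",
    "cpe-05": "V5.50(ABPM.5)C0", "cpe-06": "5.50-isp-custom",
}


def report(inventory: dict) -> dict:
    return {host: triage(version) for host, version in inventory.items()}
```

Devices reported as `unknown` or `other-model` are not cleared by this check; they need the vendor's fixed version for their own firmware line.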
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.