CVE-2025-11848 Zyxel — Exploit & Vulnerability Details MEDIUM

CVE-2025-11848

MEDIUM CVSS 3.1: 4.9 EPSS 0.04%

Parameter	Value
CVSS	4.9 (MEDIUM)
Type	CWE-476 (NULL Pointer Dereference)
Vendor	Zyxel
Public PoC	No

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-476 NULL Pointer Dereference

References 1

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advi…

security@zyxel.com.tw

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1459

Zyxel

7.2

CVE-2025-13943

Zyxel

8.8

CVE-2025-13942

Zyxel

9.8

CVE-2025-11847

Zyxel

4.9

CVE-2025-11846

Zyxel

4.9

Menu

CVE-2025-11848

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1459

CVE-2025-13943

CVE-2025-13942

CVE-2025-11847

CVE-2025-11846

CVE Details

Editor's Choice

Menu

CVE-2025-11848

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1459

CVE-2025-13943

CVE-2025-13942

CVE-2025-11847

CVE-2025-11846

CVE Details

Editor's Choice

Stay informed on cybersecurity