Zyxel security advisory for path traversal vulnerability in APs
CVE: CVE-2025-6265
Summary
Zyxel has released patches to address a path traversal vulnerability in the file_upload-cgi CGI program of certain access point (AP) firmware versions. Users are advised to install these patches for optimal protection.
What is the vulnerability?
The path traversal vulnerability in the file_upload-cgi CGI program of certain AP firmware versions could allow an authenticated attacker with administrator privileges to access specific directories and delete files—such as the configuration file—on a vulnerable device. It is important to note that AP management interfaces are typically accessed within a LAN environment, and this attack would only be successful if strong, unique administrator passwords had already been compromised.
What versions are vulnerable—and what should you do?
After a thorough investigation, we identified the vulnerable AP firmware versions and released patches for models still within their vulnerability support period, as shown in the table below. Please note that on-market products not listed in the table remain unaffected.
Affected model | Affected version | Patch availability |
---|---|---|
NWA50AX | 7.10(ABYW.1) and earlier | 7.10(ABYW.3) |
NWA50AX PRO | 7.10(ACGE.2) and earlier | 7.10(ACGE.3) |
NWA55AXE | 7.10(ABZL.1) and earlier | 7.10(ABZL.3) |
NWA90AX | 7.10(ACCV.1) and earlier | 7.10(ACCV.3) |
NWA90AX PRO | 7.10(ACGF.2) and earlier | 7.10(ACGF.3) |
NWA110AX | 7.10(ABTG.1) and earlier | 7.10(ABTG.3) |
NWA130BE | 7.10(ACIL.2) and earlier | 7.20(ACIL.1) |
NWA210AX | 7.10(ABTD.1) and earlier | 7.10(ABTD.3) |
NWA220AX-6E | 7.10(ACCO.1) and earlier | 7.10(ACCO.3) |
NWA1123AC PRO | 6.28(ABHD.3) and earlier | Hotfix by request |
WAC500H | 6.70(ABWA.6) and earlier | 6.70(ABWA.7) |
WAC5302D-Sv2 | 6.25(ABVZ.9) and earlier | Hotfix by request |
WAC6103D-I | 6.28(AAXH.3) and earlier | Hotfix by request |
WAX300H | 7.10(ACHF.1) and earlier | 7.10(ACHF.3) |
WAX510D | 7.10(ABTF.1) and earlier | 7.10(ABTF.3) |
WAX610D | 7.10(ABTE.1) and earlier | 7.10(ABTE.3) |
WAX620D-6E | 7.10(ACCN.1) and earlier | 7.10(ACCN.3) |
WAX630S | 7.10(ABZD.1) and earlier | 7.10(ABZD.3) |
WAX640S-6E | 7.10(ACCM.1) and earlier | 7.10(ACCM.3) |
WAX650S | 7.10(ABRM.1) and earlier | 7.10(ABRM.3) |
WAX655E | 7.10(ACDO.1) and earlier | 7.10(ACDO.3) |
WBE530 | 7.10(ACLE.2) and earlier | 7.20(ACLE.1) |
WBE660S | 7.10(ACGG.2) and earlier | 7.20(ACGG.1) |
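
To triage an AP inventory against the table above, the following Python is an added example, not Zyxel code. It assumes that versions of one model order by major, minor and release number inside the parentheses, that reported strings may carry a `V` prefix and a suffix such as `C0`, and it embeds only four of the table's rows; the inventory is constructed.

```python
import re

# Subset of rows copied from the advisory table: model -> (last affected, patched).
# "Hotfix by request" rows have no published patched version, so None.
ADVISORY = {
    "NWA50AX": ("7.10(ABYW.1)", "7.10(ABYW.3)"),
    "NWA130BE": ("7.10(ACIL.2)", "7.20(ACIL.1)"),
    "WAC500H": ("6.70(ABWA.6)", "6.70(ABWA.7)"),
    "NWA1123AC PRO": ("6.28(ABHD.3)", None),
}

# Assumption: optional "V" prefix; anything after ")" (e.g. "C0") is ignored.
VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)")


def parse(version):
    """Split '7.10(ABYW.1)' into (model code, (major, minor, release))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    major, minor, code, release = m.groups()
    return code, (int(major), int(minor), int(release))


def classify(model, installed):
    """Return 'affected', 'patched', 'verify', 'code-mismatch' or 'unlisted-model'."""
    if model not in ADVISORY:
        return "unlisted-model"
    last_affected, patched = ADVISORY[model]
    code, have = parse(installed)
    affected_code, affected = parse(last_affected)
    if code != affected_code:
        return "code-mismatch"  # version string belongs to a different model
    if have <= affected:
        return "affected"
    if patched is not None and have >= parse(patched)[1]:
        return "patched"
    # Between the last affected and the patched release, or newer than a
    # hotfix-only row: the advisory does not state the status.
    return "verify"


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for model, fw in [("NWA50AX", "V7.10(ABYW.1)C0"), ("NWA130BE", "7.20(ACIL.1)"),
                      ("NWA50AX", "7.10(ABYW.2)"), ("WAC500H", "6.70(ABWA.7)")]:
        print(f"{model:15} {fw:18} {classify(model, fw)}")
```

A `verify` result covers releases the table does not classify, such as 7.10(ABYW.2), and should be resolved with Zyxel rather than treated as patched.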
Got a question?
Please contact your local service rep or visit Zyxel's Community for further information or assistance.
Revision history
2025-7-15: Initial release