CVE-2025-11845
CVE-2025-11845 is a medium-severity vulnerability in Zyxel Lte3301-plus Firmware with a CVSS 3.x base score of 4.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-476.
Key facts
- Severity: Medium (CVSS 3.x base score 4.9)
- EPSS exploit prediction: 1% (52nd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-207562
- Weakness: CWE-476
- Affected product: Zyxel Lte3301-plus Firmware
- Published:
- Last modified:
Description
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
Frequently asked questions
- What is CVE-2025-11845?
- A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
- How severe is CVE-2025-11845?
- CVE-2025-11845 has a CVSS 3.x base score of 4.9, rated medium severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2025-11845 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (52nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-11845?
- CVE-2025-11845 primarily affects Zyxel Lte3301-plus Firmware. In total, 54 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2025-11845?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-11845 have an EU (EUVD) identifier?
- Yes. CVE-2025-11845 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-207562.
- When was CVE-2025-11845 published?
- CVE-2025-11845 was published on 2026-02-24 and last updated on 2026-06-17.
References
Affected products (54)
- cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_fwa505_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:gm4100-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pm7500-00_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Zyxel Lte3301-plus Firmware
- CVE-2025-13942 — Critical (CVSS 9.8): A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through…
- CVE-2024-8748 — High (CVSS 7.5): A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K…
- CVE-2022-43392 — Medium (CVSS 6.5): A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which…
- CVE-2022-43391 — Medium (CVSS 6.5): A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0,…
- CVE-2021-35036 — Medium (CVSS 6.5): A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could…
- CVE-2024-0816 — Medium (CVSS 5.5): The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local…
All CVEs affecting Zyxel Lte3301-plus Firmware →
Other CWE-476 (NULL Pointer Dereference) vulnerabilities
- CVE-2022-36648 — Critical (CVSS 10.0): The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier,…
- CVE-2020-14500 — Critical (CVSS 10.0): Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.
- CVE-2010-2495 — Critical (CVSS 10.0): The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does…
- CVE-2026-46195 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building…
- CVE-2026-31657 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by…
- CVE-2026-31436 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor…
Browse all CWE-476 (NULL Pointer Dereference) vulnerabilities →