CVE-2025-0890

CRITICAL EXPLOITED

Zyxel Legacy DSL CPE Firmware - Insecure Default Telnet Credentials

Title source: llm

Exploitation Summary

CVE-2025-0890 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

Scores

CVSS v3 9.8

EPSS 0.1293

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-01-20

CWE

CWE-522 CWE-287

Status published

Products (14)

zyxel/sbg3300-n000_firmware

zyxel/sbg3300-nb00_firmware

zyxel/sbg3500-n000_firmware

zyxel/sbg3500-nb00_firmware

zyxel/vmg1312-b10a_firmware

zyxel/vmg1312-b10b_firmware

zyxel/vmg1312-b10e_firmware

zyxel/vmg3312-b10a_firmware

zyxel/vmg3313-b10a_firmware

zyxel/vmg3926-b10b_firmware

... and 4 more

Published Feb 04, 2025

Tracked Since Feb 18, 2026