CVE-2025-6599

MEDIUM

Zyxel DX3301-T0 <5.50(ABVY.6.3)C0 - DoS

Title source: llm

Description

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (50)

zyxel/ax7501-b0_firmware < 5.17\(abpc.6.1\)c0

zyxel/ax7501-b1_firmware < 5.17\(abpc.6.1\)c0

zyxel/dm4200-b0_firmware < 5.17\(acbs.1.3\)c0

zyxel/dx3300-t0_firmware < 5.50\(abvy.6.3\)c0

zyxel/dx3300-t1_firmware < 5.50\(abvy.6.3\)c0

zyxel/dx3301-t0_firmware < 5.50\(abvy.6.3\)c0

zyxel/dx4510-b1_firmware < 5.17\(abyl.9\)c0

zyxel/dx5401-b0_firmware < 5.17\(abyo.7\)b2

zyxel/dx5401-b1_firmware < 5.17\(abyo.7\)b2

zyxel/ee3301-00_firmware < 5.63\(acmu.1.1\)c0

... and 40 more

Published Nov 18, 2025

Tracked Since Feb 18, 2026