[Vulnerability Hotfix] CVE-2025-6265 Path Traversal Vulnerability

Options
Zyxel_JoyLee
Zyxel_JoyLee Posts: 68  Zyxel Employee
Friend Collector
edited July 18 in WirelessLAN New Release

Firmware versions 6.70 Patch 7, 7.10 Patch 3, and 7.20 Patch 1 address the CVE-2025-6265 potential path traversal vulnerability.
If you are using Standalone mode or Controller-Managed mode, you can download the corresponding AP firmware version from the link below:

AP Model

Patch Availability

NWA50AX

7.10(ABYW.3)

NWA50AX PRO

7.10(ACGE.3)

NWA55AXE

7.10(ABZL.3)

NWA90AX

7.10(ACCV.3)

NWA90AX PRO

7.10(ACGF.3)

NWA110AX

7.10(ABTG.3)

NWA130BE

7.20(ACIL.1)

NWA210AX

7.10(ABTD.3)

NWA220AX-6E

7.10(ACCO.3)

NWA1123AC PRO

6.28(ABHD.3) CVE Hotfix

WAC500H

6.70(ABWA.7)

WAC5302D-Sv2

6.25(ABVZ.9) CVE Hotfix

WAC6103D-I

6.28(AAXH.3) CVE Hotfix

WAX300H

7.10(ACHF.3)

WAX510D

7.10(ABTF.3)

WAX610D

7.10(ABTE.3)

WAX620D-6E

7.10(ACCN.3)

WAX630S

7.10(ABZD.3)

WAX640S-6E

7.10(ACCM.3)

WAX650S

7.10(ABRM.3)

WAX655E

7.10(ACDO.3)

WBE530

7.20(ACLE.1)

WBE660S

7.20(ACGG.1)

However, if you are a Nebula-managed user, please note that manually upgrading your AP to the above-mentioned firmware versions may cause issues.

*As the Nebula server has not yet been updated to support the new feature configurations, any modifications to WLAN-related settings may not be successfully propagated to the access point.
Therefore, if you urgently need to apply the vulnerability fix, please avoid modifying any WLAN-related settings after upgrading the AP firmware.

The Nebula is scheduled to be updated on July 28, 2025, to support the corresponding firmware versions.

Once both the AP firmware and the Nebula server are aligned, you will be able to modify WLAN-related settings as usual.