What is CVE-2025-0890?

CVE-2025-0890 is a critical-severity vulnerability in Zyxel Vmg4325-b10a Firmware, classified under Improper Authentication. CVSS score: 9.8/10. Published 2025-02-04.

How severe is CVE-2025-0890?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2025-0890 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Zyxel Vmg4325-b10a Firmware

CVE-2025-0890

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the admin…

Vulnerability class: Broken Authentication

EPSS: 0.217 (95.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Zyxel Vmg4325-b10a Firmware — versions <= 1.00(AAFR.4)C0_20170615

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

Ostorlab/KEV

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for… (vendor-advisory)

Frequently asked questions

What is CVE-2025-0890?: CVE-2025-0890 is a critical-severity vulnerability in Zyxel Vmg4325-b10a Firmware, classified under Improper Authentication. CVSS score: 9.8/10. Published 2025-02-04.
How severe is CVE-2025-0890?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2025-0890 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.