CVE-2025-6599

Name: CVE-2025-6599
Creator: NVD / NIST
Published: 2025-11-18T02:15:45.21+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.27%

Last modified Jun 17, 2026

CVE-2025-6599 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.27%

19.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Zyxel	Lte3301-Plus Firmware	<= 1.00\(abqu.7\)c0
Zyxel	Nr5103 Firmware	<= 4.19\(abyc.8\)c0
Zyxel	Nr5103e Firmware	<= 1.00\(acdj.1\)c0
Zyxel	Nr5309 Firmware	<= 1.00\(ackp.1\)b3
Zyxel	Nr7302 Firmware	<= 5.00\(acha.5\)c0
Zyxel	Nr7303 Firmware	<= 1.00\(acei.1\)c0
Zyxel	Nebula Fwa505 Firmware	<= 1.19\(acko.0\)c0
Zyxel	Nebula Fwa510 Firmware	<= 1.20\(acgd.1\)c0
Zyxel	Nebula Fwa515 Firmware	<= 1.50\(acpz.0\)c0
Zyxel	Nebula Fwa710 Firmware	<= 1.20\(acgc.0\)c0
Zyxel	Dm4200-B0 Firmware	<= 5.17\(acbs.1.3\)c0
Zyxel	Dx3300-T0 Firmware	<= 5.50\(abvy.6.3\)c0
Zyxel	Dx3300-T1 Firmware	<= 5.50\(abvy.6.3\)c0
Zyxel	Dx3301-T0 Firmware	<= 5.50\(abvy.6.3\)c0
Zyxel	Dx4510-B1 Firmware	<= 5.17\(abyl.9\)c0
Zyxel	Dx5401-B0 Firmware	<= 5.17\(abyo.7\)b2
Zyxel	Dx5401-B1 Firmware	<= 5.17\(abyo.7\)b2
Zyxel	Ee3301-00 Firmware	<= 5.63\(acmu.1.1\)c0
Zyxel	Ee5301-00 Firmware	<= 5.63\(acld.1.1\)c0
Zyxel	Ee6510-10 Firmware	<= 5.19\(acjq.3\)c0
Zyxel	Ex3300-T0 Firmware	<= 5.50\(abvy.6.3\)c0
Zyxel	Ex3300-T0 Firmware	<= 5.50\(acdi.2.1\)c0
Zyxel	Ex3300-T1 Firmware	<= 5.50\(abvy.6.3\)c0
Zyxel	Ex3301-T0 Firmware	<= 5.50\(abvy.6.3\)c0
Zyxel	Ex3500-T0 Firmware	<= 5.44\(achr.4\)c0
Zyxel	Ex3501-T0 Firmware	<= 5.44\(achr.4\)c0
Zyxel	Ex3600-T0 Firmware	<= 5.70\(acif.1.2\)c0
Zyxel	Ex5401-B0 Firmware	<= 5.17\(abyo.7\)b2
Zyxel	Ex5401-B1 Firmware	<= 5.17\(abyo.7\)b2
Zyxel	Ex5501-B0 Firmware	<= 5.17\(abry.5.5\)c0
Zyxel	Ex5510-B0 Firmware	<= 5.17\(abqx.10\)c0
Zyxel	Ex5512-T0 Firmware	<= 5.70\(aceg.5\)c0
Zyxel	Ex5601-T0 Firmware	<= 5.70\(acdz.4.1\)c0
Zyxel	Ex5601-T1 Firmware	<= 5.70\(acdz.4.1\)c0
Zyxel	Ex7501-B0 Firmware	<= 5.18\(achn.2.1\)c0
Zyxel	Ex7710-B0 Firmware	<= 5.18\(acak.1.4\)c0
Zyxel	Emg3525-T50b Firmware	<= 5.50\(abpm.9.5\)c0
Zyxel	Emg5523-T50b Firmware	<= 5.50\(abpm.9.5\)c0
Zyxel	Emg5723-T50k Firmware	<= 5.50\(abom.8.6\)c0
Zyxel	Emg6726-B10a Firmware	<= 5.13\(abnp.8\)c0
Zyxel	Gm4100-B0 Firmware	<= 5.18\(accl.1\)c0
Zyxel	Vmg3625-T50b Firmware	<= 5.50\(abpm.9.5\)c0
Zyxel	Vmg3927-B50b Firmware	<= 5.13\(ably.10\)c0
Zyxel	Vmg3927-T50k Firmware	<= 5.50\(abom.8.6\)c0
Zyxel	Vmg4005-B50a Firmware	<= 5.17\(abqa.3\)c0
Zyxel	Vmg4005-B60a Firmware	<= 5.17\(abqa.3\)c0
Zyxel	Vmg4005-B50b Firmware	<= 5.13\(abrl.5.3\)c0
Zyxel	Vmg4927-B50a Firmware	<= 5.13\(ably.10\)c0
Zyxel	Vmg8623-T50b Firmware	<= 5.50\(abpm.9.5\)c0
Zyxel	Vmg8825-T50k Firmware	<= 5.50\(abom.8.6\)c0

Showing 50 of 68 affected configurations. See NVD for the full list.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025Vendor Advisory

Timeline

Published: Nov 18, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-6599?

How severe is CVE-2025-6599?

CVE-2025-6599 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2025-6599?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-6599?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST