What is the CVSS score of CVE-2025-11846?

CVE-2025-11846 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ax7501 B1 Firmware are affected by CVE-2025-11846?

Organizations using the account settings CGI program of the Zyxel VMG3625-T50B firmware should be aware of moderate risk from CVE-2025-11846, a null pointer dereference vulnerability rated CVSS 4.9.

How to fix or mitigate CVE-2025-11846?

Within 30 days: Identify affected systems running the account settings CGI program of the Zyxel VMG3625-T50B f and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Ax7501 B1 Firmware CVE-2025-11846

MEDIUM

NULL Pointer Dereference (CWE-476)

2026-02-24 security@zyxel.com.tw

Null Pointer Dereference Zyxel Ax7501 B1 Firmware Dx3300 T0 Firmware Dx3300 T1 Firmware Dx3301 T0 Firmware Dx4510 B0 Firmware Dx4510 B1 Firmware Dx5401 B1 Firmware Ee3301 00 Firmware Ee5301 00 Firmware Ee6510 10 Firmware Emg3525 T50b Firmware Emg5523 T50b Firmware Ex2210 T0 Firmware Ex3300 T0 Firmware Ex3300 T1 Firmware Ex3301 T0 Firmware Ex3500 T0 Firmware Ex3501 T0 Firmware Ex3510 B0 Firmware Ex3510 B1 Firmware Ex3600 T0 Firmware Ex5401 B1 Firmware Ex5510 B0 Firmware Ex5512 T0 Firmware Ex5601 T0 Firmware Ex5601 T1 Firmware Ex7501 B0 Firmware Ex7710 B0 Firmware Gm4100 B0 Firmware Lte3301 Plus Firmware Nebula Fwa505 Firmware Nebula Fwa510 Firmware Nebula Fwa515 Firmware Nebula Fwa710 Firmware Nebula Lte3301 Plus Firmware Pe3301 00 Firmware Pe5301 01 Firmware Pm3100 T0 Firmware Pm5100 T0 Firmware Pm5100 T1 Firmware Pm7300 T0 Firmware Pm7500 00 Firmware Px3321 T1 Firmware Px5301 T0 Firmware Scr 50axe Firmware Vmg3625 T50b Firmware Vmg4005 B50a Firmware Vmg4005 B60a Firmware Vmg8623 T50b Firmware We3300 00 Firmware Wx3100 T0 Firmware Wx3401 B1 Firmware Wx5600 T0 Firmware Wx5610 B0 Firmware

4.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 02:16 nvd

MEDIUM 4.9

DescriptionNVD

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

AnalysisAI

Technical ContextAI

Classified as CWE-476 (NULL Pointer Dereference). Affects Lte3301-Plus Firmware. A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-11846 vulnerability details – vuln.today

Back

Ax7501 B1 Firmware CVE-2025-11846

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code