How to fix CVE-2025-11848?

Within 30 days: Identify affected systems running the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmwa and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Null Pointer Dereference affected by CVE-2025-11848?

Organizations using the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware should be aware of moderate risk from CVE-2025-11848, a null pointer dereference vulnerability rated CVSS 4.9. Exploitation could compromise the security of affected deployments.

CVE-2025-11848

MEDIUM

2026-02-24 [email protected]

4.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 03:16 nvd

MEDIUM 4.9

Tags

Zyxel Null Pointer Dereference Ex3300 T1 Firmware Emg5523 T50b Firmware Ex3600 T0 Firmware Px3321 T1 Firmware Vmg4005 B60a Firmware Gm4100 B0 Firmware Vmg4005 B50a Firmware Ex7710 B0 Firmware Wx5610 B0 Firmware Ex7501 B0 Firmware Pm7300 T0 Firmware Dx3300 T1 Firmware Dx3300 T0 Firmware Ee5301 00 Firmware Vmg3625 T50b Firmware Emg3525 T50b Firmware Dx4510 B1 Firmware Ex5512 T0 Firmware Ex5601 T1 Firmware Pm5100 T0 Firmware Ex2210 T0 Firmware Ex3501 T0 Firmware Ex3300 T0 Firmware Pe3301 00 Firmware Ex5601 T0 Firmware We3300 00 Firmware Pm7500 00 Firmware Pm5100 T1 Firmware Ee3301 00 Firmware Ex3500 T0 Firmware Dx3301 T0 Firmware Vmg8623 T50b Firmware Wx3100 T0 Firmware Ex5510 B0 Firmware Pm3100 T0 Firmware Scr 50axe Firmware Ex3510 B1 Firmware Px5301 T0 Firmware Ex5401 B1 Firmware Dx5401 B1 Firmware Ee6510 10 Firmware Dx4510 B0 Firmware Pe5301 01 Firmware Ax7501 B1 Firmware Wx5600 T0 Firmware Wx3401 B1 Firmware Ex3301 T0 Firmware Ex3510 B0 Firmware

Description

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Analysis

Technical Context

Classified as CWE-476 (NULL Pointer Dereference). Affects Ee5301-00 Firmware. A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Affected Products

Vendor: Zyxel. Product: Ee5301-00 Firmware. Versions: up to 5.50.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +24

POC: 0

CVE-2025-11848 vulnerability details – vuln.today

Back

CVE-2025-11848

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code