What is the CVSS score of CVE-2025-1731?

CVE-2025-1731 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of PostgreSQL are affected by CVE-2025-1731?

Organizations using the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware face notable risk from CVE-2025-1731, a incorrect permissions vulnerability rated CVSS 7.8.

Is there a public PoC exploit available for CVE-2025-1731?

Yes, a public proof-of-concept exploit is available for CVE-2025-1731. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-1731?

Within 7 days: Identify all affected systems running the PostgreSQL commands of the Zyxel USG FLEX H series uOS f and apply vendor patches promptly. Monitor vendor channels for patch availability.

PostgreSQL CVE-2025-1731

HIGH

Incorrect Permission Assignment for Critical Resource (CWE-732)

2025-04-22 security@zyxel.com.tw

Zyxel PostgreSQL Privilege Escalation Uos

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:38 vuln.today

PoC Detected

Oct 30, 2025 - 17:55 vuln.today

Public exploit code

CVE Published

Apr 22, 2025 - 03:15 nvd

HIGH 7.8

DescriptionCVE.org

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.

AnalysisAI

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid. Affected products include: Zyxel Uos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.