Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Zyxel security patch release for CVE-2025-13942

Security Patch Release
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Zyxel released security updates for over a dozen router models, closing CVE-2025-13942 and two related command-injection flaws that could let attackers run OS commands on unpatched devices. The critical bug sits in the UPnP function of 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders. Zyxel said remote abuse of the flaw requires UPnP and WAN access to be enabled, with WAN access disabled by default. The company also patched CVE-2025-13943 and CVE-2026-1459, two high-severity post-authentication issues that use compromised credentials.

Related Happenings

Cisco security patch release for CVE-2026-20188

Security Patch Release
First: 06.05.2026 21:06 Last: 06.05.2026 21:06 Sources 1

About this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...

Open Happening

Palo Alto Networks PAN-OS CVE-2026-0300 patch release

Security Patch Release
First: 06.05.2026 07:46 Last: 06.05.2026 07:46 Sources 1

About this happening: Palo Alto Networks is rolling out **patches** for **CVE-2026-0300**, a **critical PAN-OS zero-day** that has already been **exploited in the wild** against **PA and VM series fire...

Open Happening

Synacor Zimbra CVE-2025-48700 security patch release

Security Patch Release
First: 24.04.2026 16:35 Last: 24.04.2026 16:35 Sources 1

About this happening: Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...

Open Happening

TP-Link security patch release for CVE-2025-15517

Security Patch Release
First: 25.03.2026 13:11 Last: 25.03.2026 13:11 Sources 1

About this happening: **TP-Link** released **security updates** for its **Archer NX** router series to close a critical authentication-bypass flaw that could let attackers upload firmware without loggi...

Open Happening

Apple security patch release for CVE-2023-43010

Security Patch Release
First: 12.03.2026 11:58 Last: 12.03.2026 11:58 Sources 1

About this happening: **Apple** backported **Coruna-linked WebKit fixes** to **older iOS and iPadOS devices**, reducing exposure on legacy hardware that cannot move to the latest release. The update ex...

Open Happening

Timeline

  1. 25.02.2026 14:53 2 articles · 3mo ago

    Zyxel releases patches for CVE-2025-13942 and related command-injection flaws

    Mitigation Patch Update

    Zyxel released security updates for over a dozen router and CPE models to fix CVE-2025-13942, a critical UPnP command-injection flaw that could let unauthenticated attackers run OS commands on unpatched devices through maliciously crafted UPnP SOAP requests. The same update cycle also patched CVE-2025-13943 and CVE-2026-1459, two high-severity post-authentication command-injection vulnerabilities that can be abused with compromised credentials. Zyxel said successful remote abuse of CVE-2025-13942 requires both UPnP and WAN access to be enabled, with WAN access disabled by default on the affected devices.

    Show sources
    Open in new tab