Find notable cyber news and cases, enriched with sources, timelines, and signals.

Zyxel security patch release for CVE-2025-13942

Security Patch Release
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

Zyxel released security updates for over a dozen router models, closing CVE-2025-13942 and two related command-injection flaws that could let attackers run OS commands on unpatched devices. The critical bug sits in the UPnP function of 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders. Zyxel said remote abuse of the flaw requires UPnP and WAN access to be enabled, with WAN access disabled by default. The company also patched CVE-2025-13943 and CVE-2026-1459, two high-severity post-authentication issues that use compromised credentials.

Related Happenings

Check Point VPN CVE-2026-50751 targeted exploitation wave

Exploitation Wave
H score47 First: 08.06.2026 17:17 Last: 08.06.2026 17:17 Sources 1

About this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...

Check Point security patch release for CVE-2026-50751

Security Patch Release
H score48 First: 08.06.2026 16:05 Last: 08.06.2026 16:05 Sources 1

About this happening: **Check Point** released **security updates** to patch **CVE-2026-50751** in **Remote Access VPN** and **Mobile Access** deployments. The update addressed a **critical authenticat...

Cisco security patch release for CVE-2026-20188

Security Patch Release
H score35 First: 06.05.2026 21:06 Last: 06.05.2026 21:06 Sources 1

About this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...

Palo Alto Networks PAN-OS CVE-2026-0300 patch release

Security Patch Release
H score66 First: 06.05.2026 07:46 Last: 06.05.2026 07:46 Sources 1

About this happening: Palo Alto Networks is rolling out **patches** for **CVE-2026-0300**, a **critical PAN-OS zero-day** that has already been **exploited in the wild** against **PA and VM series fire...

Synacor Zimbra CVE-2025-48700 security patch release

Security Patch Release
H score76 First: 24.04.2026 16:35 Last: 24.04.2026 16:35 Sources 1

About this happening: Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...

Timeline

  1. 25.02.2026 14:53 2 articles · 4mo ago

    Zyxel releases patches for CVE-2025-13942 and related command-injection flaws

    Mitigation Patch Update

    Zyxel released security updates for over a dozen router and CPE models to fix CVE-2025-13942, a critical UPnP command-injection flaw that could let unauthenticated attackers run OS commands on unpatched devices through maliciously crafted UPnP SOAP requests. The same update cycle also patched CVE-2025-13943 and CVE-2026-1459, two high-severity post-authentication command-injection vulnerabilities that can be abused with compromised credentials. Zyxel said successful remote abuse of CVE-2025-13942 requires both UPnP and WAN access to be enabled, with WAN access disabled by default on the affected devices.

    Show sources