CVE-2025-6599

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

Published: 2025-11-18
Last update: 2025-12-16
Assigner: [email protected]
Source: [email protected]

Conclusion & alert: CVE-2025-6599 is rated Low Risk (26.7/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.05%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-6599

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-24 0.04% 0.05% +0.01%
2 2025-11-18 0.04%


Common vulnerability scoring system (CVSS) metrics for CVE-2025-6599

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.3 3.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4 [email protected]
7.5 3.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6 [email protected]

Attack vector (AV:N): Could be attacked over the internet or any normal routed network, not just by someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward; no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed; anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component; no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:L), first vector: Might cause slowdowns, glitches, or partial disruption; not a full brick.
Availability (A:H), second vector: Could take the service down hard or make it unusable for people who depend on it.

Weakness enumeration for CVE-2025-6599

Affected software / configurations for CVE-2025-6599

Vendor Product Version Raw CPE
zyxel lte3301-plus_firmware <= 1.00\(abqu.7\)c0 cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*
zyxel nr5103_firmware <= 4.19\(abyc.8\)c0 cpe:2.3:o:zyxel:nr5103_firmware:*:*:*:*:*:*:*:*
zyxel nr5103e_firmware <= 1.00\(acdj.1\)c0 cpe:2.3:o:zyxel:nr5103e_firmware:*:*:*:*:*:*:*:*
zyxel nr5309_firmware <= 1.00\(ackp.1\)b3 cpe:2.3:o:zyxel:nr5309_firmware:*:*:*:*:*:*:*:*
zyxel nr7302_firmware <= 5.00\(acha.5\)c0 cpe:2.3:o:zyxel:nr7302_firmware:*:*:*:*:*:*:*:*
zyxel nr7303_firmware <= 1.00\(acei.1\)c0 cpe:2.3:o:zyxel:nr7303_firmware:*:*:*:*:*:*:*:*
zyxel nebula_fwa505_firmware <= 1.19\(acko.0\)c0 cpe:2.3:o:zyxel:nebula_fwa505_firmware:*:*:*:*:*:*:*:*
zyxel nebula_fwa510_firmware <= 1.20\(acgd.1\)c0 cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*
zyxel nebula_fwa515_firmware <= 1.50\(acpz.0\)c0 cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:*
zyxel nebula_fwa710_firmware <= 1.20\(acgc.0\)c0 cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*
zyxel dm4200-b0_firmware <= 5.17\(acbs.1.3\)c0 cpe:2.3:o:zyxel:dm4200-b0_firmware:*:*:*:*:*:*:*:*
zyxel dx3300-t0_firmware <= 5.50\(abvy.6.3\)c0 cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*
zyxel dx3300-t1_firmware <= 5.50\(abvy.6.3\)c0 cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*
zyxel dx3301-t0_firmware <= 5.50\(abvy.6.3\)c0 cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*
zyxel dx4510-b1_firmware <= 5.17\(abyl.9\)c0 cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*
zyxel dx5401-b0_firmware <= 5.17\(abyo.7\)b2 cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*
zyxel dx5401-b1_firmware <= 5.17\(abyo.7\)b2 cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*
zyxel ee3301-00_firmware <= 5.63\(acmu.1.1\)c0 cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*
zyxel ee5301-00_firmware <= 5.63\(acld.1.1\)c0 cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*
zyxel ee6510-10_firmware <= 5.19\(acjq.3\)c0 cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*
zyxel ex3300-t0_firmware <= 5.50\(abvy.6.3\)c0 cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex3300-t0_firmware <= 5.50\(acdi.2.1\)c0 cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex3300-t1_firmware <= 5.50\(abvy.6.3\)c0 cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*
zyxel ex3301-t0_firmware <= 5.50\(abvy.6.3\)c0 cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex3500-t0_firmware <= 5.44\(achr.4\)c0 cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex3501-t0_firmware <= 5.44\(achr.4\)c0 cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex3600-t0_firmware <= 5.70\(acif.1.2\)c0 cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex5401-b0_firmware <= 5.17\(abyo.7\)b2 cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*
zyxel ex5401-b1_firmware <= 5.17\(abyo.7\)b2 cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*
zyxel ex5501-b0_firmware <= 5.17\(abry.5.5\)c0 cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*
zyxel ex5510-b0_firmware <= 5.17\(abqx.10\)c0 cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*
zyxel ex5512-t0_firmware <= 5.70\(aceg.5\)c0 cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex5601-t0_firmware <= 5.70\(acdz.4.1\)c0 cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*
zyxel ex5601-t1_firmware <= 5.70\(acdz.4.1\)c0 cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*
zyxel ex7501-b0_firmware <= 5.18\(achn.2.1\)c0 cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*
zyxel ex7710-b0_firmware <= 5.18\(acak.1.4\)c0 cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*
zyxel emg3525-t50b_firmware <= 5.50\(abpm.9.5\)c0 cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*
zyxel emg5523-t50b_firmware <= 5.50\(abpm.9.5\)c0 cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*
zyxel emg5723-t50k_firmware <= 5.50\(abom.8.6\)c0 cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*
zyxel emg6726-b10a_firmware <= 5.13\(abnp.8\)c0 cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*
zyxel gm4100-b0_firmware <= 5.18\(accl.1\)c0 cpe:2.3:o:zyxel:gm4100-b0_firmware:*:*:*:*:*:*:*:*
zyxel vmg3625-t50b_firmware <= 5.50\(abpm.9.5\)c0 cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*
zyxel vmg3927-b50b_firmware <= 5.13\(ably.10\)c0 cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*
zyxel vmg3927-t50k_firmware <= 5.50\(abom.8.6\)c0 cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*
zyxel vmg4005-b50a_firmware <= 5.17\(abqa.3\)c0 cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:*
zyxel vmg4005-b60a_firmware <= 5.17\(abqa.3\)c0 cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:*
zyxel vmg4005-b50b_firmware <= 5.13\(abrl.5.3\)c0 cpe:2.3:o:zyxel:vmg4005-b50b_firmware:*:*:*:*:*:*:*:*
zyxel vmg4927-b50a_firmware <= 5.13\(ably.10\)c0 cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*
zyxel vmg8623-t50b_firmware <= 5.50\(abpm.9.5\)c0 cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*
zyxel vmg8825-t50k_firmware <= 5.50\(abom.8.6\)c0 cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*
zyxel ax7501-b0_firmware <= 5.17\(abpc.6.1\)c0 cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*
zyxel ax7501-b1_firmware <= 5.17\(abpc.6.1\)c0 cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*
zyxel pe3301-00_firmware <= 5.63\(acmt.1.1\)c0 cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:*
zyxel pe5301-01_firmware <= 5.63\(acoj.1.1\)c0 cpe:2.3:o:zyxel:pe5301-01_firmware:*:*:*:*:*:*:*:*
zyxel pm3100-t0_firmware <= 5.42\(acbf.3\)c0 cpe:2.3:o:zyxel:pm3100-t0_firmware:*:*:*:*:*:*:*:*
zyxel pm5100-t0_firmware <= 5.42\(acbf.3\)c0 cpe:2.3:o:zyxel:pm5100-t0_firmware:*:*:*:*:*:*:*:*
zyxel pm7500-00_firmware <= 5.61\(ackk.1\)c0 cpe:2.3:o:zyxel:pm7500-00_firmware:*:*:*:*:*:*:*:*
zyxel pm7300-t0_firmware <= 5.42\(abyy.3\)c0 cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*
zyxel px3321-t1_firmware <= 5.44\(acjb.1.3\)c0 cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
zyxel px3321-t1_firmware <= 5.44\(achk.1\)c0 cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*
zyxel px5301-t0_firmware <= 5.44\(ackb.0.4\)c0 cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*
zyxel scr_50axe_firmware <= 1.10\(acgn.3\)c0 cpe:2.3:o:zyxel:scr_50axe_firmware:*:*:*:*:*:*:*:*
zyxel we3300-00_firmware <= 5.70\(acka.0\)c0 cpe:2.3:o:zyxel:we3300-00_firmware:*:*:*:*:*:*:*:*
zyxel wx3100-t0_firmware <= 5.50\(abvl.4.7\)c0 cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:*
zyxel wx3401-b0_firmware <= 5.17\(abve.2.8\)c0 cpe:2.3:o:zyxel:wx3401-b0_firmware:*:*:*:*:*:*:*:*
zyxel wx3401-b1_firmware <= 5.17\(abve.2.8\)c0 cpe:2.3:o:zyxel:wx3401-b1_firmware:*:*:*:*:*:*:*:*
zyxel wx5600-t0_firmware <= 5.70\(aceb.4.1\)c0 cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*
zyxel wx5610-b0_firmware <= 5.18\(acgj.0.3\)c0 cpe:2.3:o:zyxel:wx5610-b0_firmware:*:*:*:*:*:*:*:*

References for CVE-2025-6599
