CVE-2025-8693 HIGH

CVE-2025-8693

Vendor Zyxel

Product DX3300-T0 firmware

Weakness CWE-78

Published November 18, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Key dates

02Disclosure timeline

November 18, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-8693

Related vulnerabilities

04Related CVE

CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt CVE-2023-34254 Remote inventory task command injection when using ssh command mode CVE-2021-34722 Cisco IOS XR Software Command Injection Vulnerabilities