PatchSiren

CVE-2022-30525 Zyxel CVE debrief

CVE-2022-30525 is a Zyxel multiple-firewalls OS command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-05-16. Because it is listed in KEV, defenders should treat it as actively exploited and prioritize vendor-recommended updates. The supplied corpus does not include affected model lists, firmware versions, or a CVSS score, so remediation should be driven by the vendor guidance referenced by CISA and the official vulnerability records.

Vendor: Zyxel
Product: Multiple Firewalls
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-05-16
Original CVE updated: 2022-05-16
Advisory published: 2022-05-16
Advisory updated: 2022-05-16

Who should care

Organizations that operate Zyxel firewall appliances, especially internet-facing deployments, should prioritize this issue. Security teams responsible for edge network devices, vulnerability management, and emergency patching should also care because CISA has marked it as known exploited.

Technical summary

The available official record identifies the issue as an OS command injection vulnerability affecting Zyxel multiple firewalls. The CISA KEV entry confirms the vulnerability is known exploited and directs defenders to apply updates per vendor instructions. The provided corpus does not expose the underlying attack path, impacted firmware range, or exploitation preconditions, so those details should be verified in the vendor advisory and official vulnerability records before any maintenance window is planned.

Defensive priority

High. KEV inclusion means this vulnerability should be remediated on an expedited timeline, with priority given to exposed or externally reachable firewall instances and any devices that cannot be quickly verified as patched.

Recommended defensive actions

  • Identify all Zyxel firewall assets in the environment, including any internet-facing appliances.
  • Check the vendor advisory and official product guidance referenced by CISA for the correct fixed firmware or update path.
  • Apply the vendor-recommended update as soon as operationally possible.
  • If immediate patching is delayed, reduce exposure by restricting management access and limiting unnecessary inbound access to the device.
  • Verify remediation by confirming installed firmware or software version after maintenance.
  • Monitor affected devices for anomalous command execution, configuration changes, or unexpected administrative activity.

Evidence notes

Facts in this debrief are limited to the supplied CISA KEV record and the official links provided in the corpus. The corpus confirms: vendor project Zyxel, product Multiple Firewalls, vulnerability name 'Zyxel Multiple Firewalls OS Command Injection Vulnerability,' KEV date added 2022-05-16, due date 2022-06-06, and the required action 'Apply updates per vendor instructions.' No CVSS score, affected version list, or exploitation details beyond the OS command injection classification were supplied.

Official resources

CISA added CVE-2022-30525 to the Known Exploited Vulnerabilities catalog on 2022-05-16 and set the remediation due date to 2022-06-06. The supplied corpus indicates no known ransomware campaign use.