CVE-2025-1732

Name of the Vulnerable Software and Affected Versions USG FLEX H series uOS firmware version V1.31 and earlier

Description An improper privilege management issue in the recovery function could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

Recommendations For USG FLEX H series uOS firmware version V1.31 and earlier, consider disabling the recovery function until a patch is available to prevent potential privilege escalation. Restrict access to the device to minimize the risk of exploitation. Avoid using the recovery function with administrator privileges until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.