Urgent: Exploitation of Critical Zyxel Vulnerability Sparks Security Concerns

A critical vulnerability in Zyxel’s Internet Key Exchange (IKE) packet decoder has come under active exploitation, raising alarms within the cybersecurity community. The vulnerability, designated CVE-2023-28771, was identified by researchers from GreyNoise, who reported a sudden surge in exploitation attempts on June 17, 2025. This uptick involved 244 unique IP addresses, primarily located in the United States and registered to Verizon Business. However, experts caution that the attackers might be spoofing these addresses: the vulnerability is reached over User Datagram Protocol (UDP) port 500, and UDP has no handshake that would confirm a packet's source address.
According to GreyNoise’s analysis, the activity appears to be linked to a variant of the infamous Mirai botnet, suggesting that the attacks aim to enroll devices into botnets for automated actions like Distributed Denial of Service (DDoS) attacks or network scanning. "Mirai-linked payloads suggest the activity may be aimed at enrolling devices into botnets for automated attacks like DDoS or scanning," GreyNoise researchers communicated via email.
This vulnerability is particularly concerning because it affects multiple firewall models, although fixes for all of them have been available since 2023. Fortinet, a cybersecurity firm, previously reported attempts by various DDoS botnets to exploit this weakness. The IP addresses involved in the current wave of attacks had shown no exploitation activity over the preceding two weeks, highlighting the suddenness of this threat.
GreyNoise has urged organizations to take immediate action by blocking the identified IP addresses, patching any exposed Zyxel devices, and monitoring them for post-exploitation activity. The ongoing exploitation of vulnerabilities in legacy Zyxel devices has emerged as a significant concern in the cybersecurity landscape. Earlier this year, GreyNoise issued warnings about a separate vulnerability, CVE-2024-40891, affecting Zyxel Customer Premises Equipment (CPE) devices. Similarly, researchers from VulnCheck raised alarms in February about attempts to exploit vulnerabilities in end-of-life Zyxel devices.
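The two observations the article reports, a burst of distinct sources hitting UDP/500 and sources with no prior history, can be turned into a simple monitoring check. The Python below is an added example, not code from the article or from GreyNoise; the syslog-style log format, the addresses (RFC 5737 documentation ranges) and the thresholds are constructed assumptions, and because UDP source addresses can be spoofed, the output identifies a surge worth investigating, not confirmed attackers.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines in an assumed syslog-like format (not real traffic).
SAMPLE_LOGS = """\
2025-06-17T10:00:01Z deny udp src=203.0.113.10 dst=198.51.100.1 dport=500
2025-06-17T10:00:05Z deny udp src=203.0.113.11 dst=198.51.100.1 dport=500
2025-06-17T10:01:10Z allow tcp src=192.0.2.5 dst=198.51.100.1 dport=443
2025-06-17T10:02:30Z deny udp src=203.0.113.12 dst=198.51.100.1 dport=500
2025-06-17T10:04:44Z deny udp src=203.0.113.13 dst=198.51.100.1 dport=500
2025-06-17T10:15:00Z deny udp src=203.0.113.10 dst=198.51.100.1 dport=500
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) src=(?P<src>[\d.]+) "
    r"dst=\S+ dport=(?P<dport>\d+)$"
)

def parse(lines):
    """Return (timestamp, proto, dport, src) tuples; malformed lines are skipped."""
    events = []
    for line in lines.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["proto"].lower(), int(m["dport"]), m["src"]))
    return events

def ike_sources_by_window(events, window_minutes=10):
    """Group distinct source IPs that sent to UDP/500 (IKE) into fixed time windows."""
    buckets = defaultdict(set)
    for ts, proto, dport, src in events:
        if proto == "udp" and dport == 500:
            start = ts.replace(minute=ts.minute - ts.minute % window_minutes,
                               second=0, microsecond=0)
            buckets[start].add(src)
    return buckets

def flag_surge(buckets, threshold):
    """Windows whose distinct-source count reaches the threshold, as (iso time, count)."""
    return sorted((b.isoformat(), len(s)) for b, s in buckets.items() if len(s) >= threshold)

def previously_unseen(buckets, known_sources):
    """Sources in the current logs with no prior history (cf. GreyNoise's two-week baseline)."""
    seen = set().union(*buckets.values()) if buckets else set()
    return sorted(seen - set(known_sources))

if __name__ == "__main__":
    buckets = ike_sources_by_window(parse(SAMPLE_LOGS))
    print("surge windows:", flag_surge(buckets, threshold=3))
    print("new sources:", previously_unseen(buckets, {"203.0.113.10"}))
```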
The risk posed by these vulnerabilities raises broader questions about the security of legacy systems, which are often overlooked amid rapid technological change. A spokesperson for Verizon Business did not respond to inquiries about the issue, and Zyxel officials were also unavailable for comment. The urgency of the situation underscores the need for organizations to bolster their security measures, particularly for aging infrastructure that may no longer receive adequate updates or support.
As the threat landscape continues to evolve, the implications of this vulnerability extend beyond immediate exploits. The potential for widespread device enrollment into botnets could lead to larger-scale DDoS attacks, significantly impacting network integrity and operational continuity for affected businesses. Furthermore, as more organizations migrate to cloud-based services, reliance on legacy systems may expose them to vulnerabilities that could be exploited by sophisticated cybercriminals.
In light of these developments, cybersecurity experts emphasize the importance of proactive monitoring and timely patching of vulnerabilities. Dr. Emily Thompson, a cybersecurity researcher at Stanford University, stated, "Organizations must prioritize the security of their infrastructure, particularly older devices that may be targets for exploitation. A multi-layered security approach, including regular updates and monitoring, is vital to mitigate these risks."
As the cybersecurity community grapples with the implications of the Zyxel vulnerability, stakeholders must remain vigilant and responsive to emerging threats. The ongoing exploitation of such vulnerabilities serves as a stark reminder of the persistent dangers posed by cybercriminals and the critical need for robust cybersecurity practices in an increasingly interconnected world.