AI Agents Uncover Critical Zero-Day in Global Networking Gear

  • Dec 29, 2025

Key Findings


  • Autonomous AI agents discovered a critical, unpatched vulnerability (CVE-2025-54322) in networking gear manufactured by Xspeeder, a Chinese vendor known for routers and SD-WAN appliances.

  • The vulnerability is a pre-authentication Remote Code Execution (RCE) flaw with a CVSS score of 10.

  • This is the first remotely exploitable zero-day vulnerability discovered by an automated AI platform, according to the report.

  • The vulnerable firmware, SXZOS, powers Xspeeder's SD-WAN devices, which are widely deployed in remote industrial and branch environments.


Background


Xspeeder is a Chinese vendor known for its routers and SD-WAN appliances. The SXZOS firmware powers the company's SD-WAN devices, which are frequently deployed in remote industrial and branch environments, making them critical nodes in enterprise networks.


Vulnerability Discovery


  • The AI agents from pwn.ai were given the simple directive to emulate the device firmware and attempt to achieve unauthorized control.

  • The agents quickly identified a full pre-authentication RCE entry point, bypassing security controls in the device's Nginx middleware.

  • By manipulating specific HTTP headers, the agents were able to execute arbitrary system commands without ever logging in.


Impact and Disclosure


  • The vulnerability is currently an unpatched zero-day: pwn.ai reportedly attempted to contact Xspeeder for over half a year to disclose the flaw responsibly but received no response.

  • Fingerprinting services have identified tens of thousands of publicly accessible SXZOS-based systems globally, making this a widespread risk.

  • Until a patch is released, organizations using Xspeeder SD-WAN appliances are urged to isolate these devices from the public internet to prevent potential compromise.


Conclusion


The discovery of CVE-2025-54322 by autonomous AI agents represents a significant milestone in the field of automated vulnerability discovery. The ability of these agents to emulate device firmware, identify attack surfaces, and engineer exploits without human intervention highlights the rapid advancements in AI-driven security research. The lack of response from the vendor, coupled with the widespread deployment of the affected devices, underscores the urgent need for improved vendor communication and timely patching of critical vulnerabilities.


Sources


  • https://securityonline.info/cve-2025-54322-cvss-10-ai-agents-uncover-critical-zero-day-in-global-networking-gear/

  • https://x.com/the_yellow_fall/status/2005461358335406110

  • https://x.com/__kokumoto/status/2005486317589971285

© 2025 by Explain IT Again.