ctipilot.ch

Huawei VRP enterprise-router zero-day caused POST Luxembourg nationwide telecom outage (23 July 2025); no CVE assigned 10 months later

incident · item:huawei-vrp-enterprise-router-zero-day-post-luxembourg-2025-o

  • Coverage timeline: 1 (first 2026-05-20 → last 2026-05-20)
  • Briefs: 1 (1 distinct)
  • Sources cited: 1 (1 host)
  • Sections touched: 1 (active_threats)
  • Co-occurring entities: 0 (no co-occurrence)

Story timeline

  1. 2026-05-20 · CTI Daily Brief — 2026-05-20
    active_threats · First-coverage; Recorded Future News investigation; SINGLE-SOURCE high-reliability journalism; vendor advisory-portal disclosure-gap structural finding

Where this entity is cited

  • active_threats: 1

Source distribution

  • therecord.media: 1 (100%)

Items in briefs about Huawei VRP enterprise-router zero-day caused POST Luxembourg nationwide telecom outage (23 July 2025); no CVE assigned 10 months later (1)

Huawei VRP enterprise-router zero-day caused POST Luxembourg nationwide telecom outage (July 2025) — no CVE filed 10 months later [SINGLE-SOURCE]

From CTI Daily Brief — 2026-05-20 · published 2026-05-20

Recorded Future News disclosed on 2026-05-19 that a zero-day vulnerability in Huawei VRP (Versatile Routing Platform) operating-system software on enterprise routers was the root cause of the POST Luxembourg nationwide telecom outage of 23 July 2025 — disruption of landline, 4G, and 5G networks for more than three hours that triggered hundreds of calls to emergency services when service returned. POST Luxembourg head of communications Paul Rausch is quoted on record: the incident "exploited a non-public, non-documented behaviour, for which no patch was available at the time" and "was not related to the exploitation of any known or previously documented vulnerabilities." The attack mechanism was specially crafted network traffic that sent Huawei enterprise routers into a continuous restart loop; Luxembourg prosecutors stated they found "no evidence that an attack was specifically directed at POST Luxembourg" — the traffic appears to have transited the network rather than being targeted. Luxembourg cybersecurity authorities alerted partner IR teams across Europe through government channels at the time.

Why it matters to us: Ten months on, no CVE has been assigned in any public database, Huawei has not publicly acknowledged the vulnerability, and Huawei enterprise security advisories continue to be published through a restricted customer portal rather than as public CVEs. Whether the flaw is patched, how many operators are exposed, and whether similar Huawei enterprise routers in Swiss / German / EU telco fleets remain vulnerable are unknown. Operators running Huawei enterprise routers should escalate this with their Huawei account team and demand explicit status on the Luxembourg advisory. The 10-month disclosure gap is itself the structural lesson — vendor-restricted advisory portals leave critical-infrastructure operators outside the standard vuln-mgmt pipeline. [SINGLE-SOURCE — Recorded Future News, named institutional sources].