CVE-2025-49599 is a medium-severity security vulnerability affecting Huawei optical network terminal (ONT) devices, specifically the EG8141A5, EG8145V5, and EG8145V5-V2 models running firmware versions up to V5R019C00S100 and V5R021C00S184 respectively. The vulnerability arises from incorrect authorization controls (CWE-863) related to the 'Epuser' account on these devices. This account is able to disable the ONT's firewall functionality, which by default blocks critical TCP ports such as SSH (port 22) and TELNET (port 23). By disabling these protections, an attacker with access to the Epuser account can expose the device to remote access attempts via these protocols, which are often targeted for exploitation due to their history of weak authentication and known vulnerabilities. The CVSS 3.1 base score of 4.1 reflects a medium severity, with the vector indicating that the attack requires low complexity, privileges (PR:L) on the device, no user interaction, and affects the integrity of the device configuration without impacting confidentiality or availability. The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. No known exploits are currently reported in the wild, and no patches are listed, indicating that mitigation may require vendor intervention or configuration changes. This vulnerability is significant because ONT devices serve as the demarcation point between customer premises and the service provider network, and weakening their firewall can lead to unauthorized access, lateral movement, or further compromise of the home or enterprise network.

For European organizations, especially those relying on Huawei ONT devices for fiber broadband connectivity, this vulnerability poses a risk of unauthorized modification of device firewall settings. If an attacker gains access to the Epuser account—potentially through credential compromise or insider threat—they could disable firewall protections, exposing the device and connected networks to remote attacks via SSH or TELNET. This could lead to unauthorized configuration changes, installation of malware, or pivoting attacks into internal networks. The impact is particularly relevant for enterprises and critical infrastructure operators using Huawei ONTs in their network edge, as it could undermine network integrity and trust. Additionally, given the widespread deployment of Huawei equipment in various European countries, this vulnerability could affect a significant number of endpoints. The lack of confidentiality impact reduces the risk of data leakage directly from this vulnerability, but integrity compromise can facilitate further attacks. The medium severity suggests that while exploitation is not trivial, the consequences warrant attention, especially in regulated sectors such as finance, healthcare, and government services.

To mitigate CVE-2025-49599, European organizations should first verify if their Huawei ONT devices are among the affected models and firmware versions. Immediate steps include: 1) Restricting access to the Epuser account by changing default credentials and enforcing strong, unique passwords; 2) Disabling or limiting the use of the Epuser account if possible; 3) Implementing network segmentation to isolate ONT devices from critical internal networks; 4) Monitoring network traffic for unusual activity on SSH and TELNET ports; 5) Applying any available firmware updates or patches from Huawei as soon as they are released; 6) Employing multi-factor authentication for device management interfaces if supported; 7) Conducting regular audits of device configurations to detect unauthorized changes to firewall settings; 8) Coordinating with ISPs or service providers to ensure secure provisioning and management of ONT devices. Since no patches are currently listed, organizations should engage with Huawei support for timelines and interim protective measures.