What happened
A previously undisclosed zero-day vulnerability in Huawei enterprise router software caused a nationwide telecommunications outage in Luxembourg on July 23, 2025, disrupting mobile, landline, and emergency communications for more than three hours. The incident has not been publicly acknowledged by Huawei, no CVE identifier has been filed in any public database in the ten months since it occurred, and no public warning has been issued to other operators running the same equipment.
POST Luxembourg, the state-owned operator whose network failed, confirmed the incident involved specially crafted network traffic that sent Huawei enterprise routers into a continuous restart loop. The attack exploited a non-public, non-documented behavior for which no patch was available at the time and was unrelated to any previously known vulnerability. Huawei told POST it had never encountered the attack among any of its customers.
Luxembourg’s public prosecutor found that corrupted data passing through POST’s infrastructure as an internet service provider triggered the router failure, rather than being specifically directed at POST as a chosen target. Investigators concluded there was no evidence of a targeted attack, suggesting the outage may have been caused by maliciously crafted network traffic in transit hitting an undocumented failure condition. No criminal charges have been filed.
Ten months after the incident, it remains unclear whether the vulnerability has been fully patched, how many operators running similar Huawei equipment may be exposed, and whether comparable systems remain vulnerable. Huawei did not respond to questions about why no CVE was filed. POST confirmed it contributed technical information but that disclosure decisions rested with the vendor.
Who is affected
POST Luxembourg’s customer base of potentially hundreds of thousands of residents was directly affected during the outage, with the country’s emergency call center receiving hundreds of additional calls once service was restored. The broader concern extends to any telecommunications operator globally running the same Huawei enterprise router equipment, who remain unaware of and unprotected against the vulnerability given the absence of public disclosure.
Why CISOs should care
A zero-day vulnerability that caused a nationwide telecommunications outage, including disruption to emergency services, has gone undisclosed for ten months. No CVE has been filed. No public advisory has been issued to the broader operator community. This is a significant failure of responsible disclosure that leaves other operators running the same equipment without the information needed to assess their own exposure.
For security leaders at telecommunications companies and critical infrastructure operators running Huawei networking equipment, this incident raises a direct question: are there other undisclosed vulnerabilities in your vendor’s enterprise networking software that have been shared only through restricted customer portals rather than public CVE databases? The disclosure gap documented here is not an isolated case. Huawei’s public vulnerability disclosures for enterprise networking software have become rare, with independent researchers accounting for many of the documented cases.
3 practical actions
- Request Huawei’s restricted customer portal advisories directly if your organization runs Huawei enterprise networking equipment: Huawei publishes enterprise security advisories through a restricted portal rather than broad public channels. Ensure your organization has active access to these advisories and establish a process for reviewing them regularly, as they may contain vulnerability information not captured in public CVE databases.
- Audit Huawei enterprise router deployments for exposure to DoS conditions involving packet parsing and protocol traffic: The Luxembourg incident involved crafted network traffic triggering an undocumented router failure condition. Review Huawei’s restricted advisory published last month describing a denial-of-service flaw involving packet parsing and assess whether your deployments require configuration changes or software updates to mitigate similar failure conditions.
- Engage your Huawei account team directly about the Luxembourg incident and current patch status: Given the absence of public disclosure, direct vendor engagement is the most reliable path to understanding whether the vulnerability has been addressed in current software versions and whether any configuration mitigations are available for deployed equipment.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.