Multiple sources have revealed that a nationwide telecoms outage in Luxembourg last year was caused by the exploitation of a previously undisclosed vulnerability in **Huawei** enterprise router software. The incident, which occurred on July 23, 2025, disrupted mobile, landline, and emergency communications for more than three hours. ### Zero-Day Attack Exploited Undisclosed Flaw The vulnerability, which has not been publicly disclosed or assigned a **CVE** identifier, was exploited in a denial-of-service (DoS) attack. **Paul Rausch**, the head of communications at **POST Luxembourg**, the state-owned operator affected by the outage, confirmed that the attack targeted a network device and exploited "a non-public, non-documented behaviour, for which no patch was available at the time." He emphasized that it was "not related to the exploitation of any known or previously documented vulnerabilities." **Rausch** stated that **Huawei** informed **POST** that they had not encountered this type of attack previously and had no immediate solution. ### Impact and Investigation The outage affected **POST**'s landline, 4G, and 5G mobile networks, potentially impacting hundreds of thousands of residents' ability to contact emergency services. The specially crafted network traffic caused **Huawei** enterprise routers to enter a continuous restart loop, effectively crashing critical infrastructure. Luxembourg's government initially described the incident as "an exceptionally advanced and sophisticated cyberattack." An investigation by police and cybersecurity experts concluded that "corrupted data…had been relayed through **POST Luxembourg**…and caused their systems to stop and reboot instead of simply relaying the data." However, investigators found no evidence that **POST Luxembourg** was specifically targeted. The findings suggest that the outage may have been triggered by malicious network traffic passing through **POST**'s infrastructure, causing **Huawei** routers to fail in an undocumented manner. ### Disclosure Concerns While **Huawei** routinely files **CVE**s for consumer products, disclosures regarding vulnerabilities in its enterprise networking software have become less frequent. The company publishes enterprise security advisories through a restricted customer portal, rather than public advisories. One such advisory, which did not include a **CVE** identifier, described a DoS flaw involving packet parsing, but there is no evidence linking it to the Luxembourg incident. Following the attack, Luxembourg authorities and **Huawei** engaged in technical meetings to understand the cause. Luxembourg's cybersecurity authorities also alerted partner incident response teams across Europe. However, a **CVE** was never filed to alert the broader cybersecurity community. **Anne Jung**, spokesperson for the High Commission for National Protection, stated that the decision to issue a **CVE** rests with the vendor. **POST** confirmed that it contributed technical information but did not control disclosure decisions. As of now, **Huawei** has not responded to inquiries about the lack of a public **CVE** for the vulnerability. It remains unclear whether the vulnerability has been fully patched, how many other operators may be exposed, or if similar **Huawei** systems remain vulnerable. <a href="https://www.recordedfuture.com/?utm_source=therecord&amp;utm_medium=ad"><figure><img src="https://cms.therecord.media/uploads/2025_0514_Record_Ads_970x250_1_d144dbf901.png" data-nimg="1" decoding="async" height="500" width="1000" alt="Recorded Future"></figure></a> <a href="https://therecord.media/author/alexander-martin"><img src="https://cms.therecord.media/uploads/headshot_79eb085f87.jpeg" data-nimg="1" decoding="async" height="384" width="384" loading="lazy" alt="Alexander Martin"></a>