A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
Articles by the same author:
1
3
4
Paul Rausch, head of communications at POST Luxembourg, confirmed on May 20, 2026, that the outage affecting the public telecoms operator in July 2025 was the result of a 0-day attack targeting Huawei routers. The DDoS offensive caused an interruption of POST’s fixed and mobile services. It relied on specially crafted network traffic designed to force Huawei professional routers into a reboot loop.
According to Paul Rausch, the attack exploited a “non-public and undocumented” software vulnerability for which no patch was available at the time. POST provided Huawei with technical information about the flaw, but ten months after the incident, the manufacturer has still not publicly disclosed it through a CVE identifier.
Asked about this decision, Huawei declined to comment. The manufacturer also did not specify whether the vulnerability had been fully fixed, how many operators may have been affected, or whether similar routers remain exposed.