On July 23, 2025, Luxembourg experienced a nationwide telecommunications outage lasting over three hours due to a zero-day vulnerability in Huawei enterprise routers. This incident disrupted mobile networks, landline connections, and emergency communications. The attack, identified as a denial-of-service (DoS), exploited an undocumented flaw in the routers, causing them to enter a continuous restart loop. Despite investigations, there was no evidence of a targeted attack against POST Luxembourg, the state-owned operator. The corrupted data merely traversed the systems, triggering their failure. Although technical meetings were held between Luxembourg authorities and Huawei, and cybersecurity alerts were sent across Europe, a significant disclosure gap persists. Ten months later, no CVE identifier has been filed, leaving other network operators potentially vulnerable.
Did a Huawei vulnerability cause the Luxembourg telecom outage?
