CVE-2025-9252

HIGH

Linksys - Buffer Overflow

Title source: llm

Description

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Scores

CVSS v3 8.8
EPSS 0.0026
EPSS Percentile 49.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-119 CWE-121
Status published

Affected Products (6)

linksys/re6250_firmware
linksys/re6300_firmware
linksys/re6350_firmware
linksys/re7000_firmware
linksys/re9000_firmware
linksys/re6500_firmware

Timeline

Published Aug 20, 2025
Tracked Since Feb 18, 2026