CVE-2025-9252

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001

Description A weakness exists in the

DisablePasswordAlertRedirect

function of the

/goform/DisablePasswordAlertRedirect

file. Manipulation of the

hint

argument can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been made publicly available and may be utilized. The vendor was contacted regarding this issue but did not respond.

Recommendations For Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-121

Related Identifiers

CVE-2025-9252

Affected Products

Linksys Re6250

Linksys Re6300

Linksys Re6350

Linksys Ea6500

Linksys Re7000

Linksys Re9000

CVE-2025-9252

Weakness Enumeration

Related Identifiers

Affected Products

References · 15