CVE-2025-14133
Published: 06 December 2025
Summary
CVE-2025-14133 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys Re6500 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 enforces validation of information inputs, directly preventing the stack-based buffer overflow from manipulation of the clientsname_0 argument in the mod_form.so function.
SI-16 implements memory protections like stack guards and non-executable stacks that block exploitation of stack-based buffer overflows even if invalid input reaches the vulnerable function.
SI-2 requires timely identification, reporting, and remediation of flaws such as this buffer overflow vulnerability through patching or code corrections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the remotely accessible web interface function AP_get_wireless_clientlist_setClientsName (mod_form.so) enables remote code execution via exploitation of a public-facing application.
NVD Description
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function AP_get_wireless_clientlist_setClientsName of the file mod_form.so. Performing manipulation of the argument clientsname_0 results in stack-based buffer overflow. The attack can…
more
be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-14133 is a stack-based buffer overflow vulnerability affecting the function AP_get_wireless_clientlist_setClientsName in the mod_form.so file on Linksys Wi-Fi range extenders, specifically models RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue stems from improper handling of the clientsname_0 argument, as classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
Attackers with low privileges (PR:L), such as authenticated users on the network, can exploit this remotely over the network (AV:N) with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution, potentially granting high-impact confidentiality, integrity, and availability compromises, including full device takeover, data theft, or further network pivoting from the compromised range extender.
VulDB advisories and referenced GitHub repositories detail a publicly available proof-of-concept exploit but note no vendor response despite early disclosure contact; no patches, mitigations, or official advisories from Linksys are mentioned. Security practitioners should isolate affected devices, monitor for anomalous traffic to wireless client list endpoints, and consider firmware downgrade or replacement with unsupported models until updates emerge.
The exploit POC has been disclosed publicly via GitHub, increasing the risk of widespread abuse, though no confirmed real-world exploitation in the wild is reported.
Details
- CWE(s)