CVE-2025-14135
Published: 06 December 2025
Summary
CVE-2025-14135 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys Re6500 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by validating the manipulated clientsname_0 input argument to restrict operations within memory bounds.
Mitigates exploitation of the buffer overflow for arbitrary code execution using memory protections such as stack canaries, ASLR, and non-executable memory.
Addresses the vulnerability through timely flaw remediation and firmware patching when updates become available from the vendor.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the web form handler (mod_form.so AP_get_wired_clientlist_setClientsName) of public-facing Linksys Wi-Fi extender web interface enables remote exploitation for initial access.
NVD Description
A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow. The attack may be initiated remotely.…
more
The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-14135 is a stack-based buffer overflow vulnerability in the function AP_get_wired_clientlist_setClientsName within the mod_form.so file. It affects Linksys Wi-Fi range extenders, specifically the RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 models running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue arises from manipulation of the clientsname_0 argument and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).
The vulnerability can be exploited remotely over the network by an attacker with low privileges (PR:L), requiring no user interaction (UI:N) and low attack complexity (AC:L). Successful exploitation leads to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an overall CVSS v3.1 base score of 8.8. This could enable arbitrary code execution, potentially allowing full device compromise.
No patches or official mitigations are available, as the vendor was contacted early for disclosure but did not respond. A proof-of-concept exploit is publicly available on GitHub, increasing the risk of active exploitation. Security practitioners should isolate affected devices, monitor for anomalous activity, and consider firmware updates if released in the future, referencing advisories on VulDB for additional details.
Details
- CWE(s)