CVE-2025-25246
Published: 05 February 2025
Summary
CVE-2025-25246 is a high-severity Code Injection (CWE-94) vulnerability in Netgear (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-25246 is an unauthenticated remote code execution vulnerability, tracked under CWE-94, that affects NETGEAR XR1000 firmware versions before 1.0.0.74, XR1000v2 versions before 1.1.0.22, and XR500 versions before 2.3.2.134. The flaw carries a CVSS 3.1 base score of 8.1 and permits an attacker to inject and execute arbitrary code on the affected router.
An unauthenticated attacker with network access can exploit the issue without user interaction or credentials, resulting in full compromise of confidentiality, integrity, and availability on the device. The attack requires high complexity according to the CVSS vector.
Netgear has published a security advisory (PSV-2023-0039) that details the affected models and provides remediation guidance at the referenced knowledge-base URL. The current EPSS score of 0.0498, which peaked at only 0.0917 before receding, indicates limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4095
Vulnerability details
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated RCE on public-facing WiFi routers directly enables T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary code execution on the Linux-based device.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the unauthenticated RCE by requiring timely application of NETGEAR firmware patches to remediate the vulnerability.
Identifies the CVE-2025-25246 vulnerability in affected XR1000 and XR500 routers through vulnerability scanning, enabling remediation.
Ensures monitoring and response to vendor security advisories like NETGEAR PSV-2023-0039, facilitating awareness and patching of this RCE issue.