Cyber Resilience

CVE-2025-44654

Critical

Published: 21 July 2025

Published
21 July 2025
Modified
02 January 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0041 62.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-44654 is a critical-severity Improper Access Control (CWE-284) vulnerability in Linksys E2500 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-44654 is a high-severity vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Linksys E2500 router on firmware version 3.0.04.002. It arises from the vsftpd configuration file having the chroot_local_user option enabled, which improperly restricts user environments and exposes the system to risks including unauthorized access to system files. The issue is classified under CWE-284 (Improper Access Control) and was published on 2025-07-21.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no authentication privileges or user interaction. Successful exploitation enables high-impact outcomes such as unauthorized access to sensitive system files, privilege escalation on the device, or leveraging the router as a pivot for internal network attacks.

Advisories and additional details are available at http://e2500.com and https://gist.github.com/TPCchecker/279708bf9c599c836ea66f3a3e0c25e1.

EU & UK References

Vulnerability details

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Vulnerability in public-facing vsftpd on router directly enables remote exploitation (T1190) and leads to privilege escalation via improper access control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-8822Same vendor: Linksys
CVE-2025-8832Same vendor: Linksys
CVE-2025-29315Shared CWE-284
CVE-2025-55261Shared CWE-284
CVE-2025-60691Same vendor: Linksys
CVE-2026-21636Shared CWE-284
CVE-2025-9247Same vendor: Linksys
CVE-2025-57130Shared CWE-284
CVE-2024-53348Shared CWE-284
CVE-2025-9356Same vendor: Linksys

Affected Assets

linksys
e2500 firmware
3.0.04.002

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Establishes secure configuration settings for vsftpd to properly enable chroot restrictions and prevent unauthorized access to system files.

prevent

Enforces approved access authorizations to block unauthorized reads of system files and privilege escalation via the misconfigured FTP service.

prevent

Limits router to least functionality by disabling unnecessary FTP services like vsftpd, eliminating the exposure vector entirely.

References