CVE-2025-45985
Published: 13 June 2025
Summary
CVE-2025-45985 is a critical-severity Command Injection (CWE-77) vulnerability in B-Link Bl-Wr9000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 2.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Multiple LB-LINK router models, including BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7, contain a command-injection flaw in the bs_SetSSIDHide function. The issue is tracked as CVE-2025-45985 with a CVSS 3.1 score of 9.8 and is classified under CWE-77.
Unauthenticated attackers with network access can supply crafted input to the affected function and execute arbitrary operating-system commands. Successful exploitation grants full control over the device, allowing confidentiality, integrity, and availability impacts without requiring user interaction or credentials.
The sole reference is a public GitHub repository that demonstrates the injection vector but contains no vendor advisory, firmware update, or mitigation guidance. The associated EPSS score has remained at 0.3467 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18264
Vulnerability details
Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.