CVE-2025-9146
Published: 19 August 2025
Summary
CVE-2025-9146 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Linksys E5600 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Weaken Encryption (T1600); ranked in the top 43.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2025-9146 is a vulnerability in the Linksys E5600 router running firmware version 1.1.0.26. The flaw resides in the verify_gemtek_header function within the checkFw.sh script of the Firmware Handler component. It enables the use of a risky cryptographic algorithm, classified under CWE-310 (Cryptographic Issues) and CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). The issue carries a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-08-19.
The vulnerability can be exploited remotely by attackers who possess high privileges (PR:H) on the target system, though it demands high attack complexity (AC:H) and is described as difficult to exploit. Successful exploitation grants high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing full compromise of the device's firmware handling process, such as improper validation during updates.
Advisories from VulDB detail the issue but note that the vendor was contacted early without any response. No patches or official mitigations are available from Linksys, as referenced on their site and in the VulDB entries. Additional technical analysis appears in a GitHub repository documenting IoT firmware updates for the Linksys E5600.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-28817
Vulnerability details
A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The…
more
attack requires a high level of complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability uses a weak CRC integrity check (CWE-327, risky cryptographic algorithm) in the firmware update process, allowing crafted firmware uploads for code execution or DoS, directly facilitating T1600 (Weaken Encryption) to bypass integrity verification as mapped by VulDB.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates approved cryptographic algorithms and modules, directly eliminating the risky algorithm implemented in verify_gemtek_header.
Requires cryptographic verification of firmware integrity, preventing acceptance of updates validated by the flawed checkFw.sh function.
Restricts who can perform firmware changes, limiting the high-privilege remote attackers needed to reach the vulnerable verification code.