CVE-2025-9245
Published: 20 August 2025
Summary
CVE-2025-9245 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys RE6250 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 44.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires organizations to identify, report, and correct flaws like the stack-based buffer overflow in CVE-2025-9245, enabling timely patching or replacement of vulnerable Linksys firmware to prevent remote exploitation.
SI-10 mandates validation of information inputs such as the 'ssid' argument at entry points like /goform/WPSSTAPINEnr, directly preventing the buffer overflow triggered by malformed data.
SI-16 implements memory safeguards like stack canaries, ASLR, and non-executable memory, mitigating stack-based buffer overflow exploits that could lead to arbitrary code execution in affected Linksys devices.
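The SI-10 control above, sketched as an added example; this is not Linksys firmware code and not taken from this page. The function names, status codes and handler are hypothetical, the 32-byte limit is the IEEE 802.11 maximum SSID length, and rejecting control bytes is an assumed local policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32  /* IEEE 802.11 limits an SSID to 32 octets */

enum ssid_status { SSID_OK = 0, SSID_BAD_ARGS, SSID_EMPTY, SSID_TOO_LONG, SSID_BAD_BYTE };

/* Validate an untrusted 'ssid' form value, then copy it into a fixed buffer.
 * Nothing is written to dst beyond an empty string unless every check passes. */
enum ssid_status ssid_copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0) return SSID_BAD_ARGS;
    dst[0] = '\0';
    if (src == NULL) return SSID_BAD_ARGS;

    /* Bounded length scan: reads at most SSID_MAX_LEN + 1 bytes of src. */
    size_t len = 0;
    while (len <= SSID_MAX_LEN && src[len] != '\0') len++;

    if (len == 0) return SSID_EMPTY;
    if (len > SSID_MAX_LEN || len >= dst_size) return SSID_TOO_LONG;

    /* Assumed policy: refuse ASCII control bytes in the value. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) return SSID_BAD_BYTE;
    }
    memcpy(dst, src, len);  /* len < dst_size was verified above */
    dst[len] = '\0';
    return SSID_OK;
}

/* Hypothetical request handler: returns an HTTP status code. */
int handle_wps_ssid(const char *ssid_param)
{
    char ssid[SSID_MAX_LEN + 1];  /* fixed stack buffer, the kind CWE-121 concerns */
    if (ssid_copy_checked(ssid, sizeof ssid, ssid_param) != SSID_OK)
        return 400;               /* reject before any further processing */
    /* ... the validated, NUL-terminated ssid would be used here ... */
    return 200;
}

int main(void)
{
    printf("HomeNet -> %d\n", handle_wps_ssid("HomeNet"));
    return 0;
}
```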
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in the public-facing web endpoint /goform/WPSSTAPINEnr via SSID manipulation enables remote code execution on Linksys range extenders, directly facilitating exploitation of public-facing applications.
NVD Description
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-9245 is a stack-based buffer overflow vulnerability affecting the WPSSTAPINEnr function in the /goform/WPSSTAPINEnr file on Linksys range extender models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000. The flaw is triggered by manipulation of the 'ssid' argument and impacts devices running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity. A remote attacker with low privileges can exploit it over the network with low complexity and no user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution via the buffer overflow.
Advisories from VulDB detail the issue and note that remote exploitation is feasible, with a public exploit available on GitHub. The vendor, Linksys, was contacted early regarding disclosure but has not responded or issued patches, according to the available references.
The exploit is public and may be used, increasing the risk for affected devices. No real-world exploitation in the wild is specified in the provided information.
Details
- CWE(s)