CVE-2025-9247
Published: 20 August 2025
Summary
CVE-2025-9247 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys RE6250 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 44.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly enforces validation of the vlan_set argument to prevent stack-based buffer overflows from malformed inputs.
Implements memory protections such as stack canaries and non-executable stacks to block unauthorized code execution from buffer overflow exploits.
Requires identification and remediation of the specific stack buffer overflow flaw in the setVlan function, including patching firmware when available.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the remote web endpoint (/goform/setVlan) via the vlan_set parameter enables remote exploitation of a public-facing application for potential code execution.
NVD Description
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-9247 is a stack-based buffer overflow vulnerability affecting the setVlan function in the /goform/setVlan file on Linksys range extender models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000. The flaw is triggered by manipulation of the vlan_set argument and impacts devices running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability is exploitable remotely over the network by an attacker possessing low privileges (PR:L), with low attack complexity and no requirement for user interaction. Exploitation can result in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H), as reflected in its CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), potentially enabling arbitrary code execution or system crashes.
VulDB advisories and a GitHub repository detail the vulnerability, including a publicly disclosed exploit. The vendor, Linksys, was contacted early regarding the issue but has not responded or released patches as of the CVE publication date of 2025-08-20T21:15:32.393. Security practitioners should monitor the Linksys website for updates and consider network segmentation or firmware verification in the interim.
Details
- CWE(s)