CVE-2025-9248
Published: 20 August 2025
Summary
CVE-2025-9248 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys Re6500 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the ssidhex argument to prevent manipulation leading to stack-based buffer overflow.
Implements memory protections like stack canaries and address space randomization to mitigate stack buffer overflow exploits.
Requires identification, reporting, and patching of the buffer overflow flaw in affected Linksys firmware versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the remote web management interface (/goform/RP_pingGatewayByBBS) via ssidhex parameter enables remote code execution on Linksys range extenders, facilitating T1190: Exploit Public-Facing Application.
NVD Description
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be…
more
performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-9248 is a stack-based buffer overflow vulnerability in the RP_pingGatewayByBBS function, located in the /goform/RP_pingGatewayByBBS file, triggered by manipulation of the ssidhex argument. It affects Linksys Wi-Fi range extenders, specifically the RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 models running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue corresponds to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and without user interaction (UI:N). Successful exploitation enables high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially allowing arbitrary code execution, data compromise, or device disruption within the unchanged scope (S:U).
VulDB advisories (ctiid.320779, id.320779, submit.631521) document the vulnerability, including details on the affected firmware and exploitation vector, while a GitHub repository (wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md) provides a public proof-of-concept exploit. The vendor, Linksys, was contacted early for coordinated disclosure but provided no response, and no patches or mitigations are referenced.
The exploit has been publicly disclosed and could be used in the wild, though no confirmed real-world exploitation is reported.
Details
- CWE(s)