CVE-2025-9253
Published: 20 August 2025
Summary
CVE-2025-9253 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys RE6250 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 42.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents the stack-based buffer overflow by validating the manipulated ssidhex argument in the RP_doSpecifySiteSurvey function.
Provides memory protections such as stack canaries and DEP to mitigate exploitation of the stack buffer overflow vulnerability.
Mandates timely flaw remediation through firmware updates to correct the buffer overflow in affected Linksys RE series devices.
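The input validation described for the ssidhex argument above, as an added example that is not Linksys firmware code and not taken from the advisory. It assumes ssidhex carries a hex-encoded SSID (suggested by the parameter name only) and uses the 32-octet SSID limit from IEEE 802.11; the function name decode_ssid_hex is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* IEEE 802.11 limits an SSID to 32 octets */

/* Map one hex character to its value, or -1 if it is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode an untrusted hex string (assumed format of ssidhex) into out.
 * Returns the decoded length (1..SSID_MAX) or -1 if the input is rejected.
 * The length is checked before any byte is written; out is untouched on failure. */
int decode_ssid_hex(const char *hex, uint8_t *out, size_t out_cap)
{
    uint8_t tmp[SSID_MAX];
    size_t n = 0;
    if (hex == NULL || out == NULL)
        return -1;
    while (n <= 2 * SSID_MAX && hex[n] != '\0') /* never scan past the limit */
        n++;
    if (n == 0 || n % 2 != 0 || n > 2 * SSID_MAX || n / 2 > out_cap)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hex_nibble(hex[i]);
        int lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        tmp[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    memcpy(out, tmp, n / 2);
    return (int)(n / 2);
}

int main(void)
{
    uint8_t ssid[SSID_MAX];
    /* Constructed sample inputs: a valid value and an odd-length one. */
    printf("valid:    %d\n", decode_ssid_hex("486f6d65", ssid, sizeof ssid));
    printf("rejected: %d\n", decode_ssid_hex("486f6d6", ssid, sizeof ssid));
    return 0;
}
```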
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remote stack-based buffer overflow in the public-facing web interface (/goform/RP_doSpecifySiteSurvey) enables exploitation for initial access (T1190) and denial of service via application crash (T1499.004).
NVD Description
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-9253 is a stack-based buffer overflow vulnerability in the RP_doSpecifySiteSurvey function within the /goform/RP_doSpecifySiteSurvey file of Linksys Wi-Fi range extenders, specifically models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue arises from manipulation of the ssidhex argument, as documented in associated advisories.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). It can be exploited remotely by an attacker with low privileges over the network, requiring low attack complexity and no user interaction, potentially resulting in high impacts to confidentiality, integrity, and availability, such as arbitrary code execution or denial of service.
VulDB advisories (ctiid.320784, id.320784, submit.631526) detail the vulnerability, and a proof-of-concept exploit is publicly available on GitHub at github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md. The vendor, Linksys, was notified early but has not responded or issued patches as of the CVE publication on 2025-08-20. Security practitioners should isolate affected devices, monitor for exploitation attempts targeting the RP_doSpecifySiteSurvey endpoint, and check the Linksys support site for any future firmware updates.
Details
- CWE(s)