CVE-2025-9357
Published: 23 August 2025
Summary
CVE-2025-9357 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys Re6250 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates inputs like the langSelectionOnly argument to prevent stack-based buffer overflows from improper bounds checking in the langSwitchByBBS function.
Implements memory protection such as stack canaries, ASLR, and non-executable stacks to block exploitation of stack buffer overflows even if validation fails.
Requires timely flaw remediation for the buffer overflow vulnerability through firmware patching, workarounds, or device replacement despite vendor non-response.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the device's web management interface (/goform/langSwitchByBBS) is directly exploitable over the network by an authenticated remote attacker, enabling arbitrary code execution on a public-facing application.
NVD Description
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the…
more
attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-9357 is a stack-based buffer overflow vulnerability affecting the langSwitchByBBS function in the /goform/langSwitchByBBS file of Linksys Wi-Fi range extenders, including models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000. The flaw arises from manipulation of the langSelectionOnly argument and impacts devices running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
An authenticated remote attacker with low privileges (PR:L) can exploit this vulnerability without user interaction and with low attack complexity (AC:L) over the network (AV:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), yielding a CVSS v3.1 base score of 8.8. A proof-of-concept exploit is publicly available.
Vendor advisories or patches are absent, as Linksys was contacted early regarding disclosure but provided no response. Relevant details, including the POC, are documented on GitHub repositories and VulDB entries.
The publicly available exploit might be used in real-world attacks, though no confirmed exploitation in the wild is reported.
Details
- CWE(s)