Cyber Resilience

CVE-2025-9362

MediumPublic PoC

Published: 23 August 2025

Published
23 August 2025
Modified
02 September 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0016 37.2th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9362 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys Re6250 Firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-9362 is a stack-based buffer overflow vulnerability affecting the urlFilterManageRule function in the /goform/urlFilterManageRule component of Linksys Wi-Fi range extenders, specifically models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The flaw, associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), arises from manipulating the arguments urlFilterRuleName, scheduleUrl, or addURLFilter. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-08-23.

The vulnerability can be exploited remotely over the network with low complexity and low privileges required, such as an authenticated user with limited access. No user interaction is needed, and exploitation leads to low-level impacts on confidentiality, integrity, and availability, potentially allowing partial data exposure, modification, or denial of service through the buffer overflow.

Advisories from VulDB (ctiid.321065, id.321065, submit.631534) and a GitHub repository detail the issue but note that the vendor, Linksys, was contacted early without response, indicating no official patches or mitigations are available as of disclosure. The Linksys support site provides no specific guidance on this CVE.

EU & UK References

Vulnerability details

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack…

more

may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote stack-based buffer overflow in web management interface (/goform/urlFilterManageRule) enables exploitation of public-facing applications (T1190), remote services (T1210), and application/system exploitation for denial of service (T1499.004).

CVEs Like This One

CVE-2025-9360Same product: Linksys Re6250
CVE-2025-9253Same product: Linksys Re6250
CVE-2025-8831Same product: Linksys Re6250
CVE-2025-9251Same product: Linksys Re6250
CVE-2025-14136Same product: Linksys Re6250
CVE-2025-9247Same product: Linksys Re6250
CVE-2025-8819Same product: Linksys Re6250
CVE-2025-8817Same product: Linksys Re6250
CVE-2025-9249Same product: Linksys Re6250
CVE-2025-8816Same product: Linksys Re6250

Affected Assets

linksys
re6250 firmware
1.0.04.001
linksys
re6300 firmware
1.2.07.001
linksys
re6350 firmware
1.0.04.001
linksys
re6500 firmware
1.0.013.001
linksys
re7000 firmware
1.1.05.003
linksys
re9000 firmware
1.0.04.002

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs (urlFilterRuleName, scheduleUrl, addURLFilter) to the /goform/urlFilterManageRule endpoint, preventing the stack buffer overflow.

prevent

Enforces memory-protection mechanisms that block exploitation of the stack-based buffer overflow even if malformed input reaches the function.

prevent

Restricts the authenticated low-privilege accounts that can reach the vulnerable urlFilterManageRule function, reducing the attack surface.

References