CVE-2025-9363
Published: 23 August 2025
Summary
CVE-2025-9363 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linksys Re6250 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates validation of inputs like triggerRuleName and schedule arguments to the portTriggerManageRule function, directly preventing the stack-based buffer overflow exploitation.
SI-16 implements memory protections such as stack canaries and non-executable stacks to mitigate stack-based buffer overflow exploits even if invalid inputs are processed.
SI-2 requires timely identification, prioritization, and remediation of flaws like this buffer overflow vulnerability through firmware updates or device replacement.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remotely exploitable stack-based buffer overflow in the web interface (/goform/portTriggerManageRule) of Linksys Wi-Fi range extenders, a public-facing application, enabling initial access via exploitation.
NVD Description
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the argument triggerRuleName/schedule leads to stack-based buffer overflow. Remote exploitation of the attack…
more
is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-9363 is a stack-based buffer overflow vulnerability affecting the portTriggerManageRule function in the /goform/portTriggerManageRule endpoint of Linksys Wi-Fi range extenders, specifically models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue, tied to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), arises from manipulating the triggerRuleName or schedule arguments.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), enabling remote exploitation by low-privileged users, such as authenticated network administrators or users with access to the device's web interface. Attackers can achieve high-impact confidentiality, integrity, and availability violations, potentially leading to remote code execution, full device compromise, or arbitrary command injection on the affected extenders.
VulDB advisories and referenced GitHub disclosures indicate that the proof-of-concept exploit is publicly available, including detailed reproduction steps. The vendor was notified early but has not responded or issued patches, leaving affected devices without official mitigations; practitioners should isolate devices, restrict web interface access, and monitor for anomalous port triggering activity until firmware updates are provided.
Details
- CWE(s)