CVE-2025-52692

Published: Dec 19, 2025Modified: Dec 23, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 (Secondary)

Description

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.

Affected (1)

Products: Linksys: E9450 Sg Firmware

Linksys

1 product

E9450 Sg Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys E9450 Sg Firmware	Version 1.2.00.052

Running on/with	Platform Versions
Linksys E9450 Sg	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-118/

Source: 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4

Third Party AdvisoryExploit

Timeline

No history available yet.