CVE-2025-9483

Published: Aug 26, 2025Modified: Sep 2, 2025

7.4

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (6)

Products: Linksys: Re6500 Firmware, Re6250 Firmware, Re6300 Firmware, Re6350 Firmware, Re7000 Firmware, Re9000 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6500 Firmware	Version 1.0.013.001

Running on/with	Platform Versions
Linksys Re6500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6250 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6250	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6300 Firmware	Version 1.2.07.001

Running on/with	Platform Versions
Linksys Re6300	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6350 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6350	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re7000 Firmware	Version 1.1.05.003

Running on/with	Platform Versions
Linksys Re7000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re9000 Firmware	Version 1.0.04.002

Running on/with	Platform Versions
Linksys Re9000	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (8)

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.321398

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.321398

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.634823

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.linksys.com/

Source: cna@vuldb.com

Product

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.