CVE-2025-8832
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-09-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 |
| linksys | re6250 | * |
| linksys | re6300_firmware | 1.2.07.001 |
| linksys | re6300 | * |
| linksys | re6350_firmware | 1.0.04.001 |
| linksys | re6350 | * |
| linksys | re7000_firmware | 1.1.05.003 |
| linksys | re7000 | * |
| linksys | re9000_firmware | 1.0.04.002 |
| linksys | re9000 | * |
| linksys | re6500_firmware | 1.0.013.001 |
| linksys | re6500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8832 is a critical stack-based buffer overflow vulnerability in multiple Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000) up to firmware version 20250801. The flaw exists in the setDMZ function at the /goform/setDMZ endpoint, where the DMZIPAddress parameter is improperly handled without length validation. An attacker can remotely send a specially crafted DMZIPAddress argument that overflows the stack, potentially causing the device to crash or allowing execution of arbitrary code. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to crash your Linksys range extender device or potentially execute arbitrary code on it. This compromises the confidentiality, integrity, and availability of the affected device, potentially leading to unauthorized control or denial of service. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusual or malformed requests to the /goform/setDMZ endpoint, specifically those manipulating the DMZIPAddress parameter with excessively long input that could trigger a stack-based buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on HTTP POST requests to /goform/setDMZ with unusually large or suspicious DMZIPAddress values. Additionally, checking device logs for crashes or unexpected reboots may indicate exploitation attempts. Since a public proof-of-concept exploit exists, testing with controlled scripts that send crafted requests to the vulnerable endpoint can confirm susceptibility. However, no specific detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Linksys range extender devices with non-vulnerable models, as no patches or vendor-provided fixes are available. Network administrators should restrict remote access to the vulnerable devices, especially blocking access to the /goform/setDMZ endpoint from untrusted networks. Implementing network-level protections such as firewalls or intrusion prevention systems to detect and block exploit attempts targeting the DMZIPAddress parameter is recommended. Monitoring for exploitation attempts and isolating affected devices can also reduce risk. [1]