CVE-2025-9481
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-09-02
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 |
| linksys | re6250 | * |
| linksys | re6300_firmware | 1.2.07.001 |
| linksys | re6300 | * |
| linksys | re6350_firmware | 1.0.04.001 |
| linksys | re6350 | * |
| linksys | re7000_firmware | 1.1.05.003 |
| linksys | re7000 | * |
| linksys | re9000_firmware | 1.0.04.002 |
| linksys | re9000 | * |
| linksys | re6500_firmware | 1.0.013.001 |
| linksys | re6500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected Linksys range extender models or firmware versions, as no vendor patches or countermeasures are currently available. Replacement with alternative products is recommended to avoid exploitation. Network-level protections such as blocking access to the /goform/setIpv6 endpoint or filtering suspicious traffic may help reduce risk temporarily. [1]
Can you explain this vulnerability to me?
CVE-2025-9481 is a critical stack-based buffer overflow vulnerability found in multiple Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000) in specific firmware versions. The flaw exists in the setIpv6 function within the /goform/setIpv6 file, where improper handling of the tunrd_Prefix argument allows an attacker to overflow the stack. This vulnerability can be exploited remotely without authentication, potentially allowing attackers to crash the device or execute arbitrary code. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to compromise the confidentiality, integrity, and availability of the affected Linksys devices. Exploiting the stack-based buffer overflow can lead to device crashes (denial of service) or remote code execution, which means attackers could take control of the device, disrupt network operations, or access sensitive information. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for attempts to access the /goform/setIpv6 endpoint with unusually long or malformed tunrd_Prefix parameters, which may indicate exploitation attempts. Since the exploit is publicly available, scanning for HTTP requests targeting this specific URI with oversized tunrd_Prefix arguments can help identify attacks. However, no specific detection commands or tools are provided in the available resources. [1, 2]