CVE-2025-56009
Modified Modified - Updated After Analysis
BaseFortify

Publication date: 2025-10-23

Last updated on: 2026-05-20

Assigner: MITRE

Description
Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2026-05-20
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-56009
EUVD
EUVD-2025-35691
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
keenetic keeneticos to 4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) issue in KeeneticOS versions before 4.3 at the /rci API endpoint. It allows an attacker to trick a logged-in user into visiting a malicious webpage, which then silently performs unauthorized actions on the router. Specifically, the attacker can add new users with full administrative permissions to the device, effectively taking control of it. The attack requires the victim to be authenticated and logged into the router's web interface at the time of the attack. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker to gain full administrative control over your Keenetic router by adding new users with full permissions without your knowledge. This can lead to unauthorized changes to your network settings, potential interception or manipulation of your network traffic, and overall compromise of your device's security and privacy. [1]

Detection Guidance

There is no specific detection method or commands provided in the available resources to identify this CSRF vulnerability on your network or system. Detection would typically involve monitoring for unauthorized user additions or suspicious activity on the /rci API endpoint, but no explicit commands or tools are mentioned.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade your KeeneticOS firmware to version 4.3 or later, which includes patches for CVE-2025-56009. Firmware updates can be applied via the device's web interface or the Keenetic mobile app. Additionally, avoid logging into the router's web interface from untrusted networks or browsers to reduce risk until the update is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56009. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart