CVE-2025-12943
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-12-08

Assigner: Netgear, Inc.

Description
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12943
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
netgear rax30_firmware to 1.0.14.108 (exc)
netgear rax30 *
netgear raxe300_firmware to 1.0.9.82 (exc)
netgear raxe300 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is due to improper certificate validation in the firmware update logic of NETGEAR RAX30 and RAXE300 routers. It allows attackers who can intercept and tamper with the traffic destined for the device to execute arbitrary commands on the device.

Impact Analysis

An attacker able to intercept and modify traffic to the affected devices can execute arbitrary commands on the router, potentially compromising the device's security and functionality. This could lead to unauthorized control over the device.

Mitigation Strategies

To mitigate this vulnerability, check the firmware version of your NETGEAR RAX30 or RAXE300 device. If the firmware is not updated to at least version 1.0.14.108 for RAX30 or 1.0.9.82 for RAXE300, update it to the latest firmware version. Devices with automatic updates enabled may already have this patch applied, so enabling automatic firmware updates is also recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12943. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart