CVE-2025-9355

Summary

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LinksysRE62501.0.013.001affected
LinksysRE62501.0.04.001affected
LinksysRE62501.0.04.002affected
LinksysRE62501.1.05.003affected
LinksysRE62501.2.07.001affected
LinksysRE63001.0.013.001affected
LinksysRE63001.0.04.001affected
LinksysRE63001.0.04.002affected
LinksysRE63001.1.05.003affected
LinksysRE63001.2.07.001affected
LinksysRE63501.0.013.001affected
LinksysRE63501.0.04.001affected
LinksysRE63501.0.04.002affected
LinksysRE63501.1.05.003affected
LinksysRE63501.2.07.001affected
LinksysRE65001.0.013.001affected
LinksysRE65001.0.04.001affected
LinksysRE65001.0.04.002affected
LinksysRE65001.1.05.003affected
LinksysRE65001.2.07.001affected
LinksysRE70001.0.013.001affected
LinksysRE70001.0.04.001affected
LinksysRE70001.0.04.002affected
LinksysRE70001.1.05.003affected
LinksysRE70001.2.07.001affected
LinksysRE90001.0.013.001affected
LinksysRE90001.0.04.001affected
LinksysRE90001.0.04.002affected
LinksysRE90001.1.05.003affected
LinksysRE90001.2.07.001affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References