CVE-2025-9356

Summary

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LinksysRE62501.0.013.001affected
LinksysRE62501.0.04.001affected
LinksysRE62501.0.04.002affected
LinksysRE62501.1.05.003affected
LinksysRE62501.2.07.001affected
LinksysRE63001.0.013.001affected
LinksysRE63001.0.04.001affected
LinksysRE63001.0.04.002affected
LinksysRE63001.1.05.003affected
LinksysRE63001.2.07.001affected
LinksysRE63501.0.013.001affected
LinksysRE63501.0.04.001affected
LinksysRE63501.0.04.002affected
LinksysRE63501.1.05.003affected
LinksysRE63501.2.07.001affected
LinksysRE65001.0.013.001affected
LinksysRE65001.0.04.001affected
LinksysRE65001.0.04.002affected
LinksysRE65001.1.05.003affected
LinksysRE65001.2.07.001affected
LinksysRE70001.0.013.001affected
LinksysRE70001.0.04.001affected
LinksysRE70001.0.04.002affected
LinksysRE70001.1.05.003affected
LinksysRE70001.2.07.001affected
LinksysRE90001.0.013.001affected
LinksysRE90001.0.04.001affected
LinksysRE90001.0.04.002affected
LinksysRE90001.1.05.003affected
LinksysRE90001.2.07.001affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References