CVE-2025-12943

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers who can intercept and modify traffic destined for affected NETGEAR routers to execute arbitrary commands on the device. It affects NETGEAR RAX30 and RAXE300 routers with vulnerable firmware versions. The issue stems from improper certificate validation during firmware updates.

💻 Affected Systems

Products:
  • NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router)
  • NETGEAR RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router)
Versions: All versions before RAX30 firmware 1.0.14.108 and RAXE300 firmware 1.0.9.82
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with automatic updates enabled may already be patched. Manual update required for others.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full router compromise allowing attacker to intercept all network traffic, modify DNS settings, install persistent malware, and pivot to internal network devices.

🟠 Likely Case

Router takeover leading to man-in-the-middle attacks, credential theft from network traffic, and disruption of internet connectivity.

🟢 If Mitigated

Limited impact if router is behind firewall with restricted inbound access and automatic updates are disabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires ability to intercept and modify traffic destined to the router, which typically means attacker must be on the same network or have compromised upstream infrastructure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: RAX30: 1.0.14.108 or later, RAXE300: 1.0.9.82 or later

Vendor Advisory: https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025

Restart Required: Yes

Instructions:

1. Log into router admin interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates.
4. If update available, download and install.
5. Router will reboot automatically.

🔧 Temporary Workarounds

  • Disable automatic firmware updates
    Applies to: all
    Prevents potential exploitation through the vulnerable update mechanism
  • Restrict router management access
    Applies to: all
    Limit which devices can access router admin interface

🧯 If You Can't Patch

  • Place router behind firewall with strict inbound rules blocking all unnecessary ports
  • Disable remote management features and only allow local network administration

🔍 How to Verify

Check if Vulnerable:

Check current firmware version in router admin interface under Advanced > Administration > Firmware Update

Check Version:

No CLI command - check via web interface at http://routerlogin.net or http://192.168.1.1

Verify Fix Applied:

Confirm firmware version is RAX30: 1.0.14.108+ or RAXE300: 1.0.9.82+
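The version check above is easy to get wrong when scripted against an inventory, because a plain string comparison ranks "1.0.9.82" above "1.0.14.108". The following is an added example (not part of the advisory and not NETGEAR code) that compares dotted firmware versions numerically against the fixed releases the advisory lists. It assumes version strings are shown as optional "V" plus dotted numbers, possibly followed by a "_build" suffix that is ignored; that display format is an assumption.

```python
"""Firmware version check for CVE-2025-12943 (added example, not from the advisory).

Compares a dotted firmware version string against the fixed versions the
advisory lists (RAX30 1.0.14.108, RAXE300 1.0.9.82). Components are compared
as integers: as strings, "1.0.9.82" > "1.0.14.108" because "9" > "1".
"""
import re

# Fixed versions from the vendor advisory; anything lower is vulnerable.
FIXED_VERSIONS = {
    "RAX30": "1.0.14.108",
    "RAXE300": "1.0.9.82",
}

# Optional leading 'V', then dotted integers; anything after '_' is treated as a
# build suffix and ignored (assumption about how the admin UI displays versions).
VERSION_RE = re.compile(r"^[vV]?(\d+(?:\.\d+)*)(?:_.*)?$")


def parse_version(version: str) -> tuple:
    """Turn 'V1.0.14.108' or '1.0.14.108_1.2.3' into (1, 0, 14, 108)."""
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is lower than, equal to, or higher than b.
    Missing trailing components count as zero, so 1.0.14 == 1.0.14.0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(model: str, version: str) -> bool:
    """True when the model/firmware combination is below the fixed release."""
    key = model.strip().upper()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"model {model!r} is not covered by this advisory")
    return compare_versions(version, FIXED_VERSIONS[key]) < 0


if __name__ == "__main__":
    # Constructed sample inventory; the version values are illustrative only.
    inventory = [
        ("RAX30", "V1.0.13.45"),
        ("RAX30", "1.0.14.108"),
        ("RAXE300", "1.0.9.81_2.0.1"),
        ("RAXE300", "1.0.10.2"),
    ]
    for model, ver in inventory:
        status = "VULNERABLE" if is_vulnerable(model, ver) else "patched"
        print(f"{model:8} {ver:16} {status}")
```

Feed it the model and the version string copied from Advanced > Administration > Firmware Update; a result of VULNERABLE means the device is below the patch version named in this advisory.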

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware update attempts
  • Unusual command execution in system logs
  • Failed certificate validation errors

Network Indicators:

  • Unencrypted firmware download traffic
  • Suspicious traffic to router management interface from external sources

SIEM Query:

source="router_logs" AND (event="firmware_update" OR event="certificate_validation_failed")
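The SIEM query above is written for a generic key/value log search. As an added example (not part of the advisory and not a NETGEAR log format), the script below applies the same predicate to constructed syslog-style lines and additionally flags the "unencrypted firmware download" network indicator when a matched update event carries a plain-HTTP URL. The field names (source, event, url, host, ts) and the sample lines are assumptions made for the example.

```python
"""Apply the advisory's SIEM predicate to router log lines (added example).

Predicate: source="router_logs" AND (event="firmware_update" OR
event="certificate_validation_failed"). Lines are assumed to carry
space-separated key=value pairs with optionally double-quoted values;
the format and the sample lines below are constructed for this example.
"""
import re
from collections import Counter

PAIR_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
ALERT_EVENTS = {"firmware_update", "certificate_validation_failed"}

# Constructed sample log lines: one update attempt that fails certificate
# validation on a RAX30, plus unrelated events that must not match.
SAMPLE_LOGS = """\
ts=2025-11-12T08:01:02Z source="router_logs" host=rax30-lan event="login" user=admin src=192.168.1.20
ts=2025-11-12T08:03:10Z source="router_logs" host=rax30-lan event="firmware_update" result=started url="http://updates.example.invalid/fw.bin"
ts=2025-11-12T08:03:11Z source="router_logs" host=rax30-lan event="certificate_validation_failed" peer=updates.example.invalid
ts=2025-11-12T08:03:12Z source="router_logs" host=rax30-lan event="firmware_update" result=failed
ts=2025-11-12T08:05:00Z source="switch_logs" host=core-sw1 event="firmware_update" result=ok
ts=2025-11-12T08:06:00Z source="router_logs" host=rax30-lan event="dhcp_lease" client=192.168.1.44
"""


def parse_kv(line: str) -> dict:
    """Split a line into a dict of key -> value, stripping surrounding quotes."""
    return {
        m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
        for m in PAIR_RE.finditer(line)
    }


def matches(record: dict) -> bool:
    """The SIEM predicate from the advisory, evaluated on one parsed record."""
    return record.get("source") == "router_logs" and record.get("event") in ALERT_EVENTS


def scan(lines) -> list:
    """Return matching records, each annotated with the indicators it triggered."""
    findings = []
    for line in lines:
        rec = parse_kv(line)
        if not rec or not matches(rec):
            continue
        reasons = [rec["event"]]
        # Network indicator from the advisory: firmware fetched over plain HTTP.
        if rec.get("url", "").startswith("http://"):
            reasons.append("unencrypted_firmware_download")
        findings.append({"ts": rec.get("ts"), "host": rec.get("host"), "reasons": reasons})
    return findings


def summarize(findings) -> Counter:
    """Count how often each indicator fired across all findings."""
    return Counter(reason for f in findings for reason in f["reasons"])


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS.splitlines())
    for hit in hits:
        print(hit["ts"], hit["host"], ", ".join(hit["reasons"]))
    print(dict(summarize(hits)))
```

A certificate validation failure immediately following a firmware update start, as in the sample, is the sequence worth alerting on; a single update event on its own is normal when the router checks for updates.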
