CVE-2025-15258 – This CVE describes an open redirect vulnerabili... (How to Fix)

Q: What is the severity of CVE-2025-15258?

CVE-2025-15258 has a CVSS score of 3.5 (LOW). This CVE describes an open redirect vulnerability in the Edimax BR-6208AC router's web configuration interface. Attackers can manipulate the wlan-url parameter to redirect users to malicious websites. Only users of the discontinued Edimax BR-6208AC V2 router are affected.

📋 TL;DR

This CVE describes an open redirect vulnerability in the Edimax BR-6208AC router's web configuration interface. Attackers can manipulate the wlan-url parameter to redirect users to malicious websites. Only users of the discontinued Edimax BR-6208AC V2 router are affected.

💻 Affected Systems

Products:

Edimax BR-6208AC V2

Versions: 1.02, 1.03

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with web interface accessible. Device is End of Life (EOL) with no vendor support.

📦 What is this software?

Br 6208ac Firmware by Edimax

View all CVEs affecting Br 6208ac Firmware →

Br 6208ac Firmware by Edimax

View all CVEs affecting Br 6208ac Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.

🟠

Likely Case

Attackers redirect users to phishing pages to harvest login credentials or display malicious ads.

🟢

If Mitigated

With proper network segmentation and user awareness, impact is limited to potential credential theft from redirected users.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available. Attack requires user interaction (clicking a link).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: No official advisory beyond EOL statement

Restart Required: No

Instructions:

No official patch available. Vendor recommends replacing device with newer model.

🔧 Temporary Workarounds

Disable Web Interface Access

all

Block external access to router web interface

Configure firewall to block port 80/443 to router LAN IP
Disable remote administration in router settings

Network Segmentation

all

Isolate router management interface

Place router on separate VLAN
Restrict access to management interface to specific IPs

🧯 If You Can't Patch

Replace router with supported model immediately
Implement strict network segmentation and firewall rules to limit access to router interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface. If version is 1.02 or 1.03, device is vulnerable.

Check Version:

Login to router web interface and check firmware version in System Status or similar section.

Verify Fix Applied:

No fix available to verify. Only mitigation is device replacement.

📡 Detection & Monitoring

Log Indicators:

Unusual redirects in web server logs
Requests to /goform/formALGSetup with suspicious wlan-url parameters

Network Indicators:

HTTP redirects from router to external domains
Unusual outbound traffic following router access

SIEM Query:

web.url:*goform/formALGSetup* AND web.query:wlan-url=*http*

📊 Metadata

CVE ID: CVE-2025-15258

CVSS v3 Score: 3.5 (LOW)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE: CWE-601

EPSS Score: 0.03% exploit probability (9.4th percentile)

Published: December 30, 2025

Last Updated: February 24, 2026

🔗 References

https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Open-Redirect-Vulnerability-in-Web-formALGSetup-handler-2d3b5c52018a80188e9ae30d3cc8c3d1?source=copy_link Exploit,Third Party Advisory
https://vuldb.com/?ctiid.338648 Permissions Required,VDB Entry
https://vuldb.com/?id.338648 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.722446 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15258, you might also want to check these: