CVE-2025-5445

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in Linksys RE series range extenders allows remote attackers to execute arbitrary operating system commands through command injection in the RP_checkFWByBBS function, giving them full control of the affected device. All Linksys RE series range extenders running the firmware versions listed below are affected.

💻 Affected Systems

Products:
  • Linksys RE6500
  • Linksys RE6250
  • Linksys RE6300
  • Linksys RE6350
  • Linksys RE7000
  • Linksys RE9000
Versions: 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Every device whose web interface is reachable is vulnerable. No special configuration is required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent malware, pivot to internal networks, intercept network traffic, or use the device as a botnet node.

🟠 Likely Case

Device takeover leading to network disruption, credential theft, or use in DDoS attacks.

🟢 If Mitigated

Limited impact if devices are isolated in separate VLANs with strict network segmentation and egress filtering.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. Attack requires network access to device web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.linksys.com/

Restart Required: Yes

Instructions:

1. Check the Linksys website for firmware updates.
2. If an update is available, download and install it via the web interface.
3. Reboot the device after the update.
4. Verify that the firmware version is no longer one of the vulnerable versions.

🔧 Temporary Workarounds

Network Isolation (applies to: all)

Place vulnerable devices in an isolated VLAN with no internet access and strict firewall rules.

Access Control (applies to: linux)

Block external access to the device web interface using firewall rules. Apply these on an upstream Linux firewall, or restrict them to the WAN-facing interface: as written they drop every inbound connection to ports 80 and 443, including LAN management access.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Replace vulnerable devices with supported models
  • Disable web interface entirely if not needed for operation

🔍 How to Verify

Check if Vulnerable:

Access device web interface, navigate to Administration > Firmware Upgrade page, check current firmware version against vulnerable list.

Check Version:

curl -s http://device-ip/ | grep -i firmware

Verify Fix Applied:

After firmware update, verify version is higher than vulnerable versions listed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/RP_checkFWByBBS
  • Suspicious command execution in system logs
  • Multiple failed login attempts

Network Indicators:

  • Unusual outbound connections from range extender
  • Traffic to known malicious IPs
  • Port scanning originating from device

SIEM Query:

source="linksys-extender" AND (uri="/goform/RP_checkFWByBBS" OR cmd="*;*" OR cmd="*|*")
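As an added example (not part of this advisory), the following Python applies the log indicators above to web-server access log lines: it flags POST requests to /goform/RP_checkFWByBBS and, like the SIEM query, singles out those whose form values carry shell metacharacters, after URL-decoding so that an encoded "|" (%7C) is not missed. The log line format and the "fwver" parameter name in the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Endpoint named in the advisory's log indicators.
SUSPECT_URI = "/goform/RP_checkFWByBBS"

# Shell separators; the advisory's SIEM query keys on ";" and "|", the rest
# are the other common ways to chain a second command.
SHELL_META = re.compile(r"[;|&`]|\$\(")

# Constructed log format (assumption): client ip, method + uri, status, body.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" (?P<status>\d{3}) body="(?P<body>.*)"$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not in the expected format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def form_values(body):
    """Decode the values of a form-encoded body; a raw-text match would miss %7C."""
    return [unquote_plus(p.split("=", 1)[-1]) for p in body.split("&") if p]

def classify(entry):
    """Return 'inject', 'probe' or None for one parsed log entry."""
    if entry is None or entry["uri"].split("?")[0] != SUSPECT_URI:
        return None
    if any(SHELL_META.search(v) for v in form_values(entry["body"])):
        return "inject"   # metacharacters in a value: the cmd="*;*" / cmd="*|*" case
    return "probe"        # endpoint hit without metacharacters: still unusual traffic

def scan(lines):
    """Return [(ip, verdict)] for every line that touches the suspect endpoint."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        verdict = classify(entry)
        if verdict:
            hits.append((entry["ip"], verdict))
    return hits

# Constructed sample lines; the "fwver" parameter name is an assumption, not the real one.
SAMPLE_LOG = [
    '192.0.2.10 "GET /" 200 body=""',
    '192.0.2.10 "POST /goform/RP_checkFWByBBS" 200 body="fwver=1.0.04.001"',
    '198.51.100.7 "POST /goform/RP_checkFWByBBS" 200 body="fwver=1.0.04.001;id"',
    '198.51.100.7 "POST /goform/RP_checkFWByBBS" 200 body="fwver=x%7Cid"',
]
```

Running scan(SAMPLE_LOG) reports the first POST as a probe and both requests from 198.51.100.7 as injection attempts.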
