CVE-2025-60691 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2025-60691?

CVE-2025-60691 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Linksys E1200 v2 routers allows remote attackers to execute arbitrary code or cause denial of service without authentication. Attackers can exploit this by sending crafted HTTP requests to the vulnerable httpd binary. All users of Linksys E1200 v2 routers with the affected firmware are at risk.

📋 TL;DR

A stack-based buffer overflow vulnerability in Linksys E1200 v2 routers allows remote attackers to execute arbitrary code or cause denial of service without authentication. Attackers can exploit this by sending crafted HTTP requests to the vulnerable httpd binary. All users of Linksys E1200 v2 routers with the affected firmware are at risk.

💻 Affected Systems

Products:

Linksys E1200 v2

Versions: Firmware version E1200_v2.0.11.001_us.tar.gz (likely affects earlier versions too)

Operating Systems: Embedded Linux on Linksys routers

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default httpd binary that handles web administration and CGI requests.

📦 What is this software?

E1200 Firmware by Linksys

View all CVEs affecting E1200 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with root privileges leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠

Likely Case

Denial of service causing router crashes and network disruption, potentially leading to remote code execution in targeted attacks.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP requests without authentication.

🏢 Internal Only: HIGH - Even internally, any device on the network can exploit this vulnerability without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains analysis and likely exploit code. The vulnerability is straightforward to exploit due to lack of bounds checking.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.linksys.com/

Restart Required: Yes

Instructions:

1. Check Linksys website for firmware updates. 2. Download latest firmware for E1200 v2. 3. Access router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace affected router with supported model
Implement strict network firewall rules to block all HTTP traffic to router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under Administration > Firmware Upgrade

Check Version:

curl -s http://router-ip/status.cgi | grep firmware

Verify Fix Applied:

Verify firmware version is newer than E1200_v2.0.11.001_us.tar.gz

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests to CGI endpoints
Router crash/restart logs
Large or malformed URL parameters in web logs

Network Indicators:

HTTP requests with unusually long URL parameters to router IP
Traffic patterns suggesting buffer overflow attempts

SIEM Query:

source="router.log" AND (url="*apply.cgi*" OR url="*block.cgi*") AND url_length>100

📊 Metadata

CVE ID: CVE-2025-60691

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

EPSS Score: 0.62% exploit probability (69.4th percentile)

Published: November 13, 2025

Last Updated: November 17, 2025

🔗 References

http://linksys.com Product
https://github.com/yifan20020708/SGTaint-0-day/blob/main/Linksys/Linksys-E1200/CVE-2025-60691.md Exploit,Third Party Advisory
https://www.linksys.com/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60691, you might also want to check these: