CVE-2025-9355

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Linksys RE series range extenders allows remote attackers to execute arbitrary code by manipulating the ruleName parameter in the scheduleAdd function. This affects multiple RE model devices running vulnerable firmware versions. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Linksys RE6250
  • Linksys RE6300
  • Linksys RE6350
  • Linksys RE6500
  • Linksys RE7000
  • Linksys RE9000
Versions: 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with affected firmware versions are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full device takeover, persistence installation, and lateral movement to connected networks.

🟠 Likely Case: Device compromise allowing an attacker to modify settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub. Remote exploitation without authentication makes this highly accessible to attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Monitor Linksys support for firmware updates.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate affected devices on separate VLANs with strict firewall rules.

Access Control (Linux)

Block external access to device management interfaces. Note that the rules below match every source address, so they also cut off legitimate administration of the web interface from the LAN; add a source match (for example, exempting your LAN range) if local management access is still required.

# Drop inbound connections to the HTTP and HTTPS management ports
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Replace affected devices with non-vulnerable models
  • Disable affected devices and use alternative network extension solutions

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[device-ip]/ or via serial console

Check Version:

curl -s http://[device-ip]/ | grep -i firmware

Verify Fix Applied:

Verify firmware version is updated beyond affected versions (if patch becomes available)

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/scheduleAdd
  • Device reboot events
  • Configuration changes without authorization

Network Indicators:

  • HTTP requests with long ruleName parameters
  • Traffic from device to unexpected external IPs

SIEM Query:

source="network_firewall" AND (url="/goform/scheduleAdd" OR (content_length>1000 AND url CONTAINS "goform"))
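As an added example (not part of this advisory), the checker below applies the indicators listed above to raw HTTP requests as a proxy or IDS in front of the extender would see them. The 64-character bound for a normal ruleName, the host address and the two sample requests are constructed assumptions.

```python
"""Flag HTTP requests matching the CVE-2025-9355 network indicators."""
from urllib.parse import parse_qs

TARGET_PATH = "/goform/scheduleAdd"   # endpoint named in the log indicators
MAX_RULENAME = 64                     # assumed sane upper bound for a schedule name
LARGE_BODY = 1000                     # content_length threshold from the SIEM query


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, path, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": target.split("?", 1)[0],
            "headers": headers, "body": body}


def classify(raw: str) -> list:
    """Return the names of the indicators a request triggers (empty list = no match)."""
    req = parse_request(raw)
    hits = []
    if req["method"] == "POST" and req["path"] == TARGET_PATH:
        hits.append("post_to_scheduleAdd")          # log indicator: POST to the endpoint
    try:
        length = int(req["headers"].get("content-length", "0"))
    except ValueError:
        length = 0
    if "/goform/" in req["path"] and length > LARGE_BODY:
        hits.append("oversized_goform_body")        # SIEM query: content_length>1000
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        params = parse_qs(req["body"], keep_blank_values=True)
        if any(len(v) > MAX_RULENAME for v in params.get("ruleName", [])):
            hits.append("long_ruleName")            # network indicator: long ruleName
    return hits


def build_request(path: str, body: str) -> str:
    """Constructed form POST, as a browser would send it to the extender (host assumed)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.168.1.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


# Constructed samples: a normal schedule entry and an oversized one.
SAMPLES = {
    "benign": build_request(TARGET_PATH, "ruleName=kids_bedtime&enable=1"),
    "suspicious": build_request(TARGET_PATH, "ruleName=" + "A" * 1200 + "&enable=1"),
}
```

A plain POST to the endpoint is low-signal on its own (normal administration produces it); treat oversized_goform_body and long_ruleName as the indicators that warrant an alert.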
