CVE-2025-9358

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Linksys WiFi range extenders allows remote attackers to execute arbitrary code by manipulating the admpasshint parameter. This affects multiple RE series models running vulnerable firmware versions. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Linksys RE6250
  • Linksys RE6300
  • Linksys RE6350
  • Linksys RE6500
  • Linksys RE7000
  • Linksys RE9000
Versions: 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable by default. The web administration interface must be accessible for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, lateral movement to internal networks, and persistent backdoor installation.

🟠 Likely Case: Device takeover enabling network traffic interception, credential theft, and participation in botnets.

🟢 If Mitigated: Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Contact Linksys support for firmware update information. Consider replacing affected devices if no patch is forthcoming.

🔧 Temporary Workarounds

  • Disable Remote Administration (all): Disable web administration interface access from external networks
  • Network Segmentation (all): Place range extenders on isolated VLANs with strict firewall rules

🧯 If You Can't Patch

  • Immediately isolate affected devices from internet access using firewall rules
  • Replace vulnerable devices with patched or different models if no firmware update becomes available

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[device-ip]/ or using the Linksys app. Compare against affected versions list.

Check Version:

curl -s http://[device-ip]/ | grep -i firmware

If the command returns nothing, check the web interface at http://[device-ip]/ instead.

Verify Fix Applied:

Verify firmware version has been updated to a version not listed in affected versions. No specific fix verification available without vendor patch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setSysAdm with long admpasshint parameters
  • Device reboot or configuration changes without authorized action

Network Indicators:

  • HTTP requests to device IPs on port 80 targeting /goform/setSysAdm
  • Unusual outbound connections from range extenders

SIEM Query:

source="firewall" AND (dest_port=80 AND url_path="/goform/setSysAdm" AND http_method="POST")
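
The log indicator above (POST requests to /goform/setSysAdm with long admpasshint values) can also be checked offline against proxy or WAF logs. The following is an added example, not part of the original advisory or any vendor tooling; the JSON-lines log format, the sample records and the 64-byte threshold are assumptions, since the advisory does not state a buffer size.

```python
import json
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/goform/setSysAdm"  # endpoint named in the advisory
PARAM = "admpasshint"              # parameter named in the advisory
MAX_HINT_BYTES = 64                # assumption: alert threshold, tune per environment

def hint_lengths(body):
    """Lengths of every admpasshint value in a form-encoded body.
    latin-1 decoding maps each percent-escaped byte to one character."""
    fields = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    return [len(v) for v in fields.get(PARAM, [])]

def scan(lines, limit=MAX_HINT_BYTES):
    """Return (source address, longest hint length) for each suspicious record."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON records
        if not isinstance(rec, dict):
            continue
        if str(rec.get("method", "")).upper() != "POST":
            continue
        # Compare the path only, so an appended query string does not hide the request
        if urlsplit(str(rec.get("path", ""))).path != TARGET_PATH:
            continue
        longest = max(hint_lengths(str(rec.get("body", ""))), default=0)
        if longest > limit:
            alerts.append((rec.get("src"), longest))
    return alerts

# Constructed sample records (documentation addresses, hypothetical log schema)
SAMPLE = [
    json.dumps({"src": "192.0.2.10", "method": "POST",
                "path": "/goform/setSysAdm", "body": "admpasshint=my+first+pet"}),
    json.dumps({"src": "198.51.100.7", "method": "POST",
                "path": "/goform/setSysAdm?x=1", "body": "admpasshint=" + "%41" * 300}),
    json.dumps({"src": "192.0.2.10", "method": "GET", "path": "/index.html", "body": ""}),
    "not a json line",
]

if __name__ == "__main__":
    for src, length in scan(SAMPLE):
        print(f"ALERT src={src} admpasshint_len={length}")
```

Measuring the decoded length matters because a percent-encoded value is three times longer on the wire than the bytes the device actually copies.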
