CVE-2025-9362 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2025-9362?

CVE-2025-9362 has a CVSS score of 6.3 (MEDIUM). A stack-based buffer overflow vulnerability in Linksys RE series range extenders allows remote attackers to execute arbitrary code by manipulating URL filter parameters. This affects multiple RE model devices running vulnerable firmware versions. Attackers can exploit this without authentication to potentially take control of affected devices.

📋 TL;DR

A stack-based buffer overflow vulnerability in Linksys RE series range extenders allows remote attackers to execute arbitrary code by manipulating URL filter parameters. This affects multiple RE model devices running vulnerable firmware versions. Attackers can exploit this without authentication to potentially take control of affected devices.

💻 Affected Systems

Products:

Linksys RE6250
Linksys RE6300
Linksys RE6350
Linksys RE6500
Linksys RE7000
Linksys RE9000

Versions: 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices with default configurations running affected firmware versions are vulnerable. The vulnerable endpoint /goform/urlFilterManageRule is accessible via web interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence, lateral movement to connected networks, and data exfiltration.

🟠

Likely Case

Device crash/reboot (denial of service) or limited code execution for reconnaissance and foothold establishment.

🟢

If Mitigated

Denial of service only if exploit attempts are blocked by network controls, with no code execution.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-exposed devices prime targets.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to pivot within networks, but requires internal access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting specific HTTP requests to manipulate urlFilterRuleName, scheduleUrl, or addURLFilter parameters. No authentication needed. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.linksys.com/

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Check Linksys website periodically for firmware updates addressing CVE-2025-9362.

🔧 Temporary Workarounds

Network segmentation and access control

all

Isolate Linksys RE devices on separate VLANs and restrict access to management interfaces.

Configure firewall rules to block external access to port 80/443 on RE devices
Implement VLAN segmentation for IoT/wireless extender networks

Disable remote management

all

Ensure remote management/administration is disabled on affected devices.

Access web interface > Administration > Remote Management > Disable
Verify only local network access is permitted

🧯 If You Can't Patch

Replace affected devices with supported models from Linksys or other vendors
Decommission vulnerable devices if not essential to operations

🔍 How to Verify

Check if Vulnerable:

Access device web interface > Administration > Firmware Upgrade > Check current firmware version matches affected versions.

Check Version:

curl -s http://[device-ip]/goform/getSysInfo | grep firmwareVersion

Verify Fix Applied:

No fix available to verify. Monitor Linksys for firmware updates addressing CVE-2025-9362.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/urlFilterManageRule with unusually long parameters
Device crash/reboot logs following web interface access attempts

Network Indicators:

HTTP traffic to RE device management interface with buffer overflow patterns in POST data
Unusual outbound connections from RE devices post-exploitation

SIEM Query:

source="linksys-re-*" AND url="/goform/urlFilterManageRule" AND (param="urlFilterRuleName" OR param="scheduleUrl" OR param="addURLFilter") AND length(param_value) > 100

📊 Metadata

CVE ID: CVE-2025-9362

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.06% exploit probability (19.7th percentile)

Published: August 23, 2025

Last Updated: September 2, 2025

🔗 References

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.321065 Permissions Required
https://vuldb.com/?id.321065 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.631534 Third Party Advisory,VDB Entry
https://www.linksys.com/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9362, you might also want to check these: