CVE-2025-9250 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/setPWDbyBBS hint stack-based overflow

A vulnerability described as critical has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow.

This vulnerability is referenced as CVE-2025-9250. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9250 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/setPWDbyBBS hint stack-based overflow

Post correlati

CVE-2024-0054 | AXIS OS 6.50/11.8 VAPIX API local_list.cgi resource consumption

CVE-2024-5240 | Campcodes Complete Web-Based School Management System 1.0 /view/unread_msg.php my_index sql injection

CVE-2025-25269 | Phoenix Contact CHARX SEC-3000 up to 1.7.2 os command injection (VDE-2025-019)

CVE-2024-32470 | Tolgee 3.57.2/3.57.3 API Key Creation authorization (GHSA-pm57-hcm8-38gw)