CVE-2025-9252 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect hint stack-based overflow

A vulnerability classified as critical was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow.

This vulnerability is tracked as CVE-2025-9252. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9252 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect hint stack-based overflow

Post correlati

CVE-2025-55029 | Mozilla Firefox up to 141 on iOS Popup Blocker access control

CVE-2025-52131 | Mocca Calendar up to 2.14 on XWiki text color cross site scripting (GHSA-jvq4-j2qw-q7x2)

CVE-2023-41818 | Motorola Device Help App prior 2023-12-01 SD Card missing access control

CVE-2025-40734 | Daily Expense Manager 1.0 /register.php password/confirm_password cross site scripting