CVE-2025-11303
Published: 05 October 2025
Description
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Security Summary
CVE-2025-11303 is a command injection vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in an unknown function within the /goform/mp file, where manipulation of the "command" argument enables attackers to inject and execute arbitrary commands. This issue is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by attackers who hold low privileges (PR:L), such as authenticated users with limited access to the device. Successful exploitation has limited impact on confidentiality, integrity, and availability, potentially allowing an attacker to execute commands on the underlying system, while the scope remains unchanged (S:U).
Advisories from sources such as VulDB and the referenced GitHub repository indicate no vendor response and no available patch: Belkin was contacted early in the disclosure process but did not reply. A proof-of-concept exploit is publicly available, which may facilitate further attacks.
Notable context: the exploit has been publicly disclosed on GitHub, which raises the risk of widespread targeting. No real-world exploitation has been reported, and there is no AI/ML relevance at this time.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote command injection in the router's public-facing web interface (/goform/mp) maps to exploitation of public-facing applications (T1190), command and scripting interpreter execution (T1059), and indirect command execution (T1202, as referenced in the VulDB advisory).