Cyber Posture

CVE-2025-14135

HighPublic PoC

Published: 06 December 2025

Published
06 December 2025
Modified
10 December 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0026 49.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow. The attack may be initiated remotely.…

more

The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents the stack-based buffer overflow by validating the manipulated clientsname_0 input argument to restrict operations within memory bounds.

SI-16 Memory Protection good match
prevent

Mitigates exploitation of the buffer overflow for arbitrary code execution using memory protections such as stack canaries, ASLR, and non-executable memory.

SI-2 Flaw Remediation partial match
prevent

Addresses the vulnerability through timely flaw remediation and firmware patching when updates become available from the vendor.

Security SummaryAI

CVE-2025-14135 is a stack-based buffer overflow vulnerability in the function AP_get_wired_clientlist_setClientsName within the mod_form.so file. It affects Linksys Wi-Fi range extenders, specifically the RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 models running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue arises from manipulation of the clientsname_0 argument and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).

The vulnerability can be exploited remotely over the network by an attacker with low privileges (PR:L), requiring no user interaction (UI:N) and low attack complexity (AC:L). Successful exploitation leads to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an overall CVSS v3.1 base score of 8.8. This could enable arbitrary code execution, potentially allowing full device compromise.

No patches or official mitigations are available, as the vendor was contacted early for disclosure but did not respond. A proof-of-concept exploit is publicly available on GitHub, increasing the risk of active exploitation. Security practitioners should isolate affected devices, monitor for anomalous activity, and consider firmware updates if released in the future, referencing advisories on VulDB for additional details.

Details

CWE(s)
CWE-119CWE-121CWE-787

Affected Products

linksys
re6500 firmware
1.0.013.001
linksys
re6250 firmware
1.0.04.001
linksys
re6300 firmware
1.2.07.001
linksys
re6350 firmware
1.0.04.001
linksys
re7000 firmware
1.1.05.003
linksys
re9000 firmware
1.0.04.002

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Stack-based buffer overflow in the web form handler (mod_form.so AP_get_wired_clientlist_setClientsName) of public-facing Linksys Wi-Fi extender web interface enables remote exploitation for initial access.

References