Cyber Posture

CVE-2025-14136

High · Public PoC

Published: 06 December 2025

Modified: 10 December 2025
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5) · AI

prevent · recover

Directly addresses the stack buffer overflow by requiring identification, reporting, and correction of the flaw in affected Linksys firmware versions through timely patching.

prevent

Prevents exploitation by enforcing input validation mechanisms on the clientsname_0 argument at the mod_form.so entry point to block buffer overflow attempts.

prevent

Mitigates successful buffer overflow exploitation via memory protections like non-executable stack and address randomization, limiting arbitrary code execution on the device.
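
The input-validation control above, sketched as an added example; it is not code from the affected firmware or from the original page. The 32-byte limit, the allowed character set and the function names are assumptions, since the page does not state the real buffer size or copy routine in mod_form.so.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit: the page does not give the real buffer size in mod_form.so. */
#define CLIENT_NAME_MAX 32

enum name_status { NAME_OK = 0, NAME_NULL = -1, NAME_EMPTY = -2,
                   NAME_TOO_LONG = -3, NAME_BAD_CHAR = -4 };

/* Length of s, scanning at most max + 1 bytes so an oversized input is never walked in full. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Validate a clientsname_0-style form value before it reaches any fixed-size buffer. */
enum name_status validate_client_name(const char *value)
{
    if (value == NULL)
        return NAME_NULL;
    size_t len = bounded_len(value, CLIENT_NAME_MAX);
    if (len == 0)
        return NAME_EMPTY;
    if (len > CLIENT_NAME_MAX)
        return NAME_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        /* Assumed allow-list for a device display name. */
        if (!isalnum(c) && c != '-' && c != '_' && c != '.' && c != ' ')
            return NAME_BAD_CHAR;
    }
    return NAME_OK;
}

/* Hypothetical handler: copies only after validation and only if dst can hold the value. */
enum name_status set_client_name(char *dst, size_t dst_size, const char *value)
{
    enum name_status st = validate_client_name(value);
    if (st != NAME_OK)
        return st;
    size_t len = strlen(value);      /* safe: len <= CLIENT_NAME_MAX was just verified */
    if (dst == NULL || dst_size < len + 1)
        return NAME_TOO_LONG;        /* destination smaller than the validated input */
    memcpy(dst, value, len + 1);     /* copy includes the terminating NUL */
    return NAME_OK;
}
```

The length check runs before any copy and the destination size is passed explicitly, so an oversized value is rejected with an error code and the destination buffer is never written.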

Security Summary · AI

CVE-2025-14136 is a stack-based buffer overflow vulnerability in the RE2000v2Repeater_get_wired_clientlist_setClientsName function of the mod_form.so file. It affects Linksys Wi-Fi range extender models RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, or 1.2.07.001. The issue stems from manipulation of the clientsname_0 argument and is associated with CWE-119, CWE-121, and CWE-787.

An attacker with low privileges can exploit this vulnerability remotely without user interaction, as indicated by the CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.

VulDB advisories detail the vulnerability, and a proof-of-concept exploit is publicly available on GitHub. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations have been issued.

A public exploit has been released, increasing the risk of active exploitation.

Details

CWE(s)

Affected Products

Vendor · Product · Version
linksys · re6500 firmware · 1.0.013.001
linksys · re6250 firmware · 1.0.04.001
linksys · re6300 firmware · 1.2.07.001
linksys · re6350 firmware · 1.0.04.001
linksys · re7000 firmware · 1.1.05.003
linksys · re9000 firmware · 1.0.04.002

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote stack-based buffer overflow in mod_form.so web handler (clientsname_0 parameter) enables exploitation of public-facing application for initial access (T1190) and application exploitation leading to endpoint denial of service (T1499.004).
