CVE-2025-25522

High

Published: 11 February 2025

Published

11 February 2025

Modified

06 June 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

EPSS Score 0.0011 29.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-25522 is a buffer overflow vulnerability (CWE-120) in the Linksys WAP610N wireless access point running firmware version 1.0.05.002. The issue stems from a lack of length verification in the time setting operation, allowing overflow conditions that can be exploited. Published on 2025-02-11, it has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high integrity impact potential with low confidentiality and availability effects.

A local attacker with no privileges or user interaction required can exploit this vulnerability due to its low attack complexity. Successful exploitation enables the attacker to directly control the remote target device, potentially leading to unauthorized modifications or further compromise.

For mitigation details, refer to the advisory at https://gist.github.com/XiaoCurry/f2365f4f6d18b2b4518ee20d5c091e1b.

Details

CWE(s): CWE-120

Affected Products

linksys

wap610n firmware

1.0.05.002

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in local time setting operation (AV:L, PR:N) enables arbitrary code execution and device control, directly facilitating exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://gist.github.com/XiaoCurry/f2365f4f6d18b2b4518ee20d5c091e1b
Broken Link · cve@mitre.org