VYPR
Critical severity9.8NVD Advisory· Published Jul 21, 2025· Updated Jul 5, 2026

CVE-2025-44654

CVE-2025-44654

Description

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Affected products

2
  • Linksys/E2500cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 3.0.04.002

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.