Unrated severityNVD Advisory· Published Aug 22, 2025· Updated Aug 26, 2025

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow

CVE-2025-9356

Description

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Linksys/RE6300llm-fuzzy
Range: = 1.0.04.001
Linksys/RE6250llm-fuzzy
Range: = 1.0.013.001
Linksys/RE6350llm-fuzzy
Range: = 1.0.04.002
Linksys/RE6250v5
Range: 1.0.013.001
Linksys/RE6300v5
Range: 1.0.013.001
Linksys/RE6350v5
Range: 1.0.013.001
Linksys/RE6500v5
Range: 1.0.013.001
Linksys/RE7000v5
Range: 1.0.013.001
Linksys/RE9000v5
Range: 1.0.013.001

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.mdmitreexploit
vuldb.commitrethird-party-advisory
github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.mdmitrerelated
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.linksys.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000