CVE-2025-8829

High PUBLISHED

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection

Linksys · RE6250, RE6300, RE6350, RE6500, RE7000, RE9000

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
5.3 Medium

At a Glance

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Dabei geht es um die Funktion um_red der Datei /goform/RP_setBasicAuto. Dank der Manipulation des Arguments hname mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVE Published
Aug 11, 2025
Exploitation Reported
Aug 11, 2025
CVSS
5.3 Medium
EPSS
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Linksys
RE6250

20250801

Affected
Linksys
RE6300

20250801

Affected
Linksys
RE6350

20250801

Affected
Linksys
RE6500

20250801

Affected
Linksys
RE7000

20250801

Affected
Linksys
RE9000

20250801

Affected

CVE References

Show 1 more reference

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.