CVE-2025-60696
Last modified
CVE-2025-60696 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linksys | Re7000 Firmware | 2.0.15 |
References
- http://linksys.comProduct
- https://github.com/yifan20020708/SGTaint-0-day/blob/main/Linksys/Linksys-RE700/CVE-2025-60696.mdExploit, Third Party Advisory
- https://www.linksys.com/Product
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-60696?
How severe is CVE-2025-60696?
How do I fix CVE-2025-60696?
Are you affected by CVE-2025-60696?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST