CVE-2025-14910: Path Traversal in Edimax BR-6208AC
A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is no longer available in the market and has been discontinued for five years. Consequently, Edimax no longer provides technical support, firmware updates, or security patches for this specific model. However, to ensure the safety of our remaining active users, we acknowledge this report and will take the following mitigation actions: (A) We will issue an official security advisory on our support website. (B) We will strongly advise users to disable the FTP service on this device to mitigate the reported risk, by which the product will still work for common use. (C) We will recommend users upgrade to newer, supported models." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-14910 is a path traversal vulnerability discovered in the FTP Daemon Service component of the Edimax BR-6208AC router, specifically version 1.02. The vulnerability resides in the handle_retr function, which processes FTP RETR commands to retrieve files. By manipulating input parameters, an attacker can traverse directories outside the intended FTP root directory, gaining unauthorized access to arbitrary files on the device's filesystem. The attack vector is remote network access to the FTP service, requiring no user interaction and minimal privileges, making exploitation relatively straightforward. The vulnerability has a CVSS 4.0 base score of 5.3 (medium severity), reflecting its moderate impact on confidentiality with low complexity and no authentication needed. Edimax has confirmed the issue but no longer supports this model, which was discontinued five years ago. The vendor recommends disabling the FTP service or upgrading to supported hardware. No patches or firmware updates are available, and no active exploits have been reported in the wild. The public availability of exploit details increases the risk for organizations still operating this legacy device, especially if the FTP service remains enabled and exposed to untrusted networks.
Potential Impact
For European organizations, the primary impact of CVE-2025-14910 lies in potential unauthorized disclosure of sensitive information stored on the affected router's filesystem. Attackers exploiting this vulnerability can access configuration files, credentials, or other critical data, potentially facilitating further network compromise or lateral movement. Since the device is discontinued and unsupported, organizations cannot rely on vendor patches, increasing exposure risk. The vulnerability could also be leveraged as a foothold for persistent access or to disrupt network operations if critical files are accessed or modified. Given the FTP service is often exposed for remote management or file transfers, the attack surface is significant if not properly segmented. The impact is heightened in environments where legacy hardware remains in use due to budget constraints or operational inertia, common in some European public sector or small-to-medium enterprises. Additionally, compliance with data protection regulations like GDPR may be jeopardized if sensitive data is exposed through this vulnerability.
Mitigation Recommendations
Organizations should immediately identify any Edimax BR-6208AC devices running firmware version 1.02 and assess whether the FTP service is enabled and accessible from untrusted networks. The primary mitigation is to disable the FTP Daemon Service entirely, as recommended by Edimax, which will prevent exploitation while maintaining other router functions. If FTP functionality is essential, organizations should isolate the device within a secure network segment with strict access controls and monitor FTP traffic for anomalies. Network-level protections such as firewall rules restricting FTP access to trusted IPs can reduce exposure. Given the lack of vendor patches, organizations should plan to replace these legacy devices with supported models that receive regular security updates. Additionally, conducting regular network scans to detect legacy devices and auditing configurations for unnecessary services will reduce risk. Incident response plans should include monitoring for exploitation attempts leveraging this vulnerability, especially since public exploit code is available.
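As an added illustration of both the bug class described in the Technical Summary (a RETR handler that does not confine the requested path to the FTP root) and the monitoring step recommended above, the following Python shows the containment check such a handler must perform and applies it to FTP log lines to flag traversal attempts. This is example code written here, not the BR-6208AC firmware or any Edimax code; the FTP root path, the log format and the log lines are constructed assumptions.

```python
import posixpath
import re
import urllib.parse
from typing import List, Optional, Tuple

# Assumed FTP root; the real daemon's root directory is not documented on the page.
FTP_ROOT = "/share"

# Constructed sample daemon log lines (timestamp, client, RETR argument).
SAMPLE_FTP_LOG = """\
2025-12-19 02:26:01 10.0.0.5 RETR readme.txt
2025-12-19 02:26:07 10.0.0.5 RETR docs/../../../../etc/passwd
2025-12-19 02:26:09 10.0.0.9 RETR /photo.jpg
2025-12-19 02:26:12 10.0.0.9 RETR ..%2f..%2fetc%2fshadow
"""


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Map a RETR argument to an absolute path confined to root.

    Returns None when the normalized path would leave the FTP root. This is
    the check a handler like handle_retr must do before opening the file;
    a handler that builds the path without it is exposed to traversal.
    """
    # Decode percent-encoding first so encoded separators cannot slip past
    # the check (assumption: the daemon would decode them later anyway).
    decoded = urllib.parse.unquote(requested)
    # Client paths are interpreted relative to the FTP root, even if absolute.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    root_norm = posixpath.normpath(root)
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<src>\S+) RETR (?P<arg>.+)$")


def find_traversal_attempts(log_text: str, root: str = FTP_ROOT) -> List[Tuple[str, str]]:
    """Return (client, RETR argument) pairs whose path would escape root."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and resolve_under_root(root, m.group("arg")) is None:
            hits.append((m.group("src"), m.group("arg")))
    return hits


if __name__ == "__main__":
    for src, arg in find_traversal_attempts(SAMPLE_FTP_LOG):
        print(f"traversal attempt from {src}: RETR {arg}")
```

The containment check is purely lexical; on a live filesystem the handler should also resolve symlinks (for example with `os.path.realpath`) before comparing against the root.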
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-18T18:34:25.519Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6944b7d24eb3efac36c40a3b
Added to database: 12/19/2025, 2:26:26 AM
Last enriched: 12/26/2025, 4:26:30 AM
Last updated: 2/7/2026, 6:39:31 AM