CVE-2025-15257 is a remotely exploitable command injection vulnerability found in the Edimax BR-6208AC router firmware versions 1.02 and 1.03. The vulnerability resides in the formRoute function within the /gogorm/formRoute component of the web-based configuration interface. Specifically, the flaw arises from improper sanitization of the input parameters strIp, strMask, and strGateway, which are used to configure network routing settings. An attacker can craft malicious requests that inject arbitrary shell commands through these parameters, leading to command execution on the underlying operating system. The attack vector is network-based, requiring no authentication or user interaction, making it highly accessible to remote attackers. The CVSS 4.0 vector indicates no privileges or user interaction are needed, with low attack complexity and partial impact on confidentiality, integrity, and availability. Edimax has confirmed the vulnerability but stated that the BR-6208AC V2 model has reached end-of-life status, with no further firmware updates or patches planned. Users are advised to upgrade to newer models for improved security. The exploit code has been publicly released, increasing the likelihood of exploitation attempts. This vulnerability poses a significant risk to any organization still operating these devices, as attackers could gain control over the router, manipulate network traffic, or use the device as a foothold for further attacks within the network.

The impact of CVE-2025-15257 is considerable for organizations still using the Edimax BR-6208AC routers. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication, potentially leading to full device compromise. This can result in unauthorized network configuration changes, interception or redirection of network traffic, disruption of network availability, and the establishment of persistent backdoors. Compromised routers can serve as pivot points for lateral movement within corporate or industrial networks, increasing the risk of broader network breaches. Since the device is no longer supported or patched, the vulnerability will remain exploitable indefinitely, increasing exposure over time. Organizations relying on these routers for critical infrastructure or sensitive communications face heightened risks of data breaches, service outages, and operational disruptions. The public availability of exploit code further elevates the threat, as less skilled attackers can leverage it to conduct attacks. The medium CVSS score reflects the balance between the ease of exploitation and partial impact on confidentiality, integrity, and availability, but the lack of vendor support exacerbates the risk.

Given the end-of-life status of the Edimax BR-6208AC and absence of patches, the primary mitigation is to replace all affected devices with newer, supported models that receive regular security updates. Network administrators should conduct an inventory to identify any deployed BR-6208AC routers and prioritize their replacement. Until replacement, affected devices should be isolated on segmented network zones with strict access controls to limit exposure to untrusted networks, especially the internet. Disable remote management interfaces if possible, or restrict access to trusted IP addresses only. Monitor network traffic for unusual activity indicative of exploitation attempts, such as unexpected configuration changes or command execution patterns. Employ network intrusion detection systems (NIDS) with signatures targeting known exploit behaviors for this vulnerability. Regularly review router logs for anomalies. Educate staff about the risks of using unsupported hardware and the importance of timely upgrades. Finally, implement compensating controls such as VPNs or firewalls to reduce direct exposure of vulnerable devices to external networks.