CVE-2025-15258: Open Redirect in Edimax BR-6208AC
A weakness has been identified in Edimax BR-6208AC 1.02/1.03. It affects the function formALGSetup of the file /goform/formALGSetup in the Web-based Configuration Interface component. Manipulating the argument wlan-url causes an open redirect. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-15258 identifies an open redirect vulnerability in the Edimax BR-6208AC V2 router, specifically in firmware versions 1.02 and 1.03. The vulnerability resides in the web-based configuration interface's formALGSetup function, where the wlan-url parameter is improperly validated, allowing attackers to redirect users to arbitrary external URLs. This type of vulnerability can be exploited remotely without authentication, but requires user interaction, such as clicking a maliciously crafted link. Open redirects can be leveraged in phishing campaigns to trick users into visiting malicious websites appearing to originate from a trusted source, potentially facilitating further attacks like credential theft or malware distribution. Edimax has confirmed that the BR-6208AC V2 model is end-of-life and no longer supported, meaning no firmware patches or updates will be released to address this issue. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on integrity and availability, resulting in a medium severity rating with a score of 5.1. Although no active exploits have been reported in the wild, the public availability of exploit code increases the likelihood of exploitation attempts. The vulnerability affects only legacy devices, but those devices may still be deployed in some environments, especially where hardware replacement cycles are slow or budgets limited. The lack of vendor support necessitates alternative mitigation strategies such as network segmentation, web filtering, or device replacement to reduce risk.
Potential Impact
The primary impact of this vulnerability is the potential for attackers to conduct phishing or social engineering attacks by redirecting users from the trusted router interface to malicious websites. This can lead to credential compromise, malware infection, or further exploitation of user systems. While the vulnerability does not directly compromise the router’s confidentiality, integrity, or availability, it undermines user trust and can serve as a stepping stone for more severe attacks. Organizations relying on the Edimax BR-6208AC V2 routers may face increased risk of targeted phishing campaigns against their users or administrators. Since the device is no longer supported, the inability to patch the vulnerability prolongs exposure and complicates remediation efforts. This can be particularly impactful in environments where these routers provide critical network access or are used in sensitive operational contexts. The medium severity rating reflects the moderate risk posed by the vulnerability, balancing ease of exploitation with limited direct device compromise. However, the broader security posture of affected organizations can be degraded if attackers successfully leverage the open redirect for downstream attacks.
Mitigation Recommendations
Given the end-of-life status of the Edimax BR-6208AC V2 and absence of vendor patches, the most effective mitigation is to replace affected devices with newer, supported models that receive regular security updates. Until replacement is feasible, organizations should implement network-level controls such as web filtering or proxy solutions to block access to known malicious URLs and monitor for suspicious redirect activity. Administrators should educate users about the risks of clicking unexpected links, especially those purporting to originate from router interfaces. Network segmentation can limit exposure by isolating legacy devices from critical systems and sensitive data. Additionally, disabling remote management features or restricting access to the router’s web interface to trusted internal networks can reduce the attack surface. Logging and monitoring of router access logs may help detect exploitation attempts. Finally, organizations should maintain an inventory of network devices to identify and prioritize replacement of unsupported hardware.
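A sketch of the log monitoring recommended above, added here as an example and not taken from the advisory or from Edimax: it flags requests to /goform/formALGSetup whose wlan-url value points away from the router. It assumes the parameter is visible in the logged query string or form body; the record layout, router address and sample values are constructed.

```python
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/formALGSetup"  # handler named in the advisory
PARAM = "wlan-url"                 # argument named in the advisory

def is_external(target, router_hosts):
    """True when the redirect target leaves the router's own origin."""
    t = target.strip().replace("\\", "/")   # browsers treat "\" like "/"
    if t.startswith("//"):                  # scheme-relative URL
        t = "http:" + t
    parts = urlsplit(t)
    if not parts.scheme and not parts.netloc:
        return False                        # plain relative path stays on the device
    return (parts.hostname or "").lower() not in router_hosts

def flag_request(url, body, router_hosts):
    """Return the first off-device wlan-url value in a request, else None."""
    parts = urlsplit(url)
    if parts.path.rstrip("/").lower() != ENDPOINT.lower():
        return None
    values = parse_qs(parts.query).get(PARAM, [])
    values += parse_qs(body or "").get(PARAM, [])
    for value in values:
        if is_external(value, router_hosts):
            return value
    return None

def scan(records, router_hosts):
    """records: iterable of (client, url, body); returns [(client, value)] hits."""
    hits = []
    for client, url, body in records:
        value = flag_request(url, body, router_hosts)
        if value is not None:
            hits.append((client, value))
    return hits

# Constructed sample records (hypothetical proxy export; addresses are examples).
ROUTER = {"192.168.2.1"}
SAMPLE = [
    ("192.168.2.50", "http://192.168.2.1/goform/formALGSetup?wlan-url=http%3A%2F%2Fportal.example.net%2Flogin", ""),
    ("192.168.2.51", "http://192.168.2.1/goform/formALGSetup", "wlan-url=%2Findex.asp"),
    ("192.168.2.52", "http://192.168.2.1/goform/formALGSetup", "wlan-url=%2F%2Fportal.example.net"),
    ("192.168.2.53", "http://192.168.2.1/index.asp?wlan-url=http%3A%2F%2Fportal.example.net", ""),
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE, ROUTER):
        print(f"{client} -> {value}")
```

Add every name and address the router answers on to `router_hosts`, otherwise legitimate same-device targets are reported as external.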
Affected Countries
United States, Germany, Japan, Taiwan, South Korea, United Kingdom, France, Australia, Canada, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-29T09:34:46.888Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450a4db813ff03e2be13d
Added to database: 12/30/2025, 10:22:28 PM
Last enriched: 2/24/2026, 10:44:44 PM
Last updated: 4/5/2026, 12:17:33 AM