CVE-2025-22997 is a stored cross-site scripting (XSS) vulnerability identified in the prf_table_content component of the Linksys E5600 Router firmware version 1.1.0.26. The vulnerability arises from insufficient sanitization of user-supplied input in the 'desc' parameter, which allows attackers to inject arbitrary web scripts or HTML that are persistently stored on the device. When a legitimate user or administrator accesses the affected interface, the malicious payload executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions within the router's web management interface. The attack vector requires the attacker to have at least limited privileges (PR:L) and for the victim to interact with the malicious content (UI:R). The CVSS vector (AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates the attack can be performed over a network with low complexity, but requires authentication and user interaction, and impacts confidentiality and integrity with a scope change. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly. The vulnerability is classified under CWE-79, which covers cross-site scripting issues. This vulnerability could be leveraged in targeted attacks against network administrators or users managing the router, especially in environments where the router's web interface is exposed or shared among multiple users.

The primary impact of CVE-2025-22997 is on the confidentiality and integrity of the router's management interface. Successful exploitation can lead to theft of administrative credentials, session hijacking, or unauthorized configuration changes, potentially compromising the entire network behind the router. While the vulnerability does not directly affect availability, the resulting unauthorized access could be leveraged to disrupt network operations indirectly. The requirement for authentication and user interaction reduces the likelihood of widespread automated exploitation but does not eliminate risk in environments with multiple users or weak access controls. Organizations relying on Linksys E5600 routers, particularly in small office or home office environments, may face increased risk of targeted attacks aiming to gain persistent access or pivot into internal networks. The absence of known exploits in the wild currently limits immediate risk, but the public disclosure increases the potential for future exploitation if patches are not applied.

To mitigate CVE-2025-22997, organizations should immediately restrict access to the Linksys E5600 router's web management interface by limiting it to trusted networks and users only, preferably via network segmentation or VPN access. Administrators should enforce strong authentication mechanisms and regularly monitor router logs for suspicious activity. Since no official patch is currently available, consider disabling or limiting the use of the prf_table_content component if possible, or avoid using the 'desc' parameter in configurations. Users should avoid clicking on suspicious links or interacting with untrusted content in the router's management interface. Regular firmware updates should be applied as soon as Linksys releases a patch addressing this vulnerability. Additionally, network administrators can implement web application firewalls or intrusion detection systems to detect and block malicious payloads targeting the router's interface. Educating users about the risks of XSS and safe management practices can further reduce exploitation likelihood.