CVE-2025-5445 is a critical OS command injection vulnerability affecting multiple Linksys Wi-Fi range extender models, including RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000, across several firmware versions (1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001). The vulnerability resides in the RP_checkFWByBBS function within the /goform/RP_checkFWByBBS endpoint. This function improperly handles several input parameters such as type, ch, ssidhex, security, extch, pwd, mode, ip, nm, and gw, allowing an attacker to inject arbitrary OS commands. The flaw can be exploited remotely without requiring user interaction or authentication, making it highly accessible to attackers. Although the CVSS v4.0 score is 5.3 (medium severity), the nature of OS command injection typically implies a higher risk due to the potential for full system compromise. The vendor, Linksys, was contacted but has not responded or issued a patch, and no known exploits have been observed in the wild yet. This vulnerability could allow attackers to execute arbitrary commands on the device, potentially leading to device takeover, network pivoting, data interception, or disruption of network services. The affected devices are commonly used in home and small office environments to extend Wi-Fi coverage, often connected to critical network infrastructure.

For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Linksys range extenders, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to internal networks, interception of sensitive data, and lateral movement to other devices within the network. Given the devices' role in extending Wi-Fi coverage, attackers could disrupt network availability or use compromised extenders as footholds for further attacks. The lack of vendor response and patches increases the window of exposure. Organizations in Europe with remote or hybrid work setups that depend on these extenders for connectivity may face increased risk of espionage, data breaches, or service disruption. Additionally, critical infrastructure entities using these devices could be targeted for sabotage or espionage, amplifying the threat's impact.

Immediate mitigation should focus on network segmentation to isolate vulnerable Linksys extenders from critical systems and sensitive data. Disable remote management interfaces on these devices to reduce exposure. Monitor network traffic for unusual patterns originating from or targeting these extenders. Employ network intrusion detection systems (NIDS) with signatures for command injection attempts. Where possible, replace affected devices with models from vendors providing timely security updates. If replacement is not feasible, consider deploying firewall rules to restrict access to the vulnerable endpoints (/goform/RP_checkFWByBBS). Regularly audit device firmware versions and configurations. Since no patches are available, organizations should engage with Linksys support channels persistently and monitor for any future updates. Educate users about the risks and encourage reporting of unusual device behavior. Finally, maintain robust network logging to facilitate incident response in case of exploitation.