CVE-2025-60689 is a command injection vulnerability identified in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers, specifically in firmware version E1200_v2.0.11.001_us. The vulnerability stems from improper sanitization of user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) that are directly concatenated into system command strings executed via the wl_exec_cmd function. This lack of input validation allows remote attackers to inject arbitrary commands, which the router executes with system-level privileges, without requiring any authentication or user interaction. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command). The CVSS v3.1 score is 5.4, indicating a medium severity with an attack vector requiring adjacent network access (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and limited confidentiality and integrity impacts (C:L/I:L/A:N). No patches or known exploits are currently reported, but the vulnerability poses a significant risk to the confidentiality and integrity of affected devices. Exploitation could allow attackers to gain control over the router, manipulate network traffic, or pivot into internal networks. The vulnerability is specific to a particular firmware version and device model, limiting its scope but still posing a threat to users of these routers.

For European organizations, exploitation of this vulnerability could lead to unauthorized control over Linksys E1200 v2 routers, potentially compromising network security and privacy. Attackers could manipulate router configurations, intercept or redirect traffic, or use the device as a foothold for further attacks within corporate or home networks. This is particularly concerning for small and medium enterprises or home office setups relying on these routers without additional security layers. The medium CVSS score reflects moderate risk, but the lack of authentication requirement increases the threat level. The impact on confidentiality and integrity could result in data leakage or unauthorized access to internal resources. However, the absence of availability impact means the device is unlikely to be rendered inoperable by this vulnerability. The threat is heightened in scenarios where routers are exposed to adjacent networks or where management interfaces are accessible remotely without adequate protections.

To mitigate CVE-2025-60689, affected organizations should prioritize updating the Linksys E1200 v2 routers to a firmware version that addresses this vulnerability once available. In the absence of an official patch, administrators should disable remote management interfaces and restrict access to the router's web interface to trusted internal networks only. Network segmentation should be implemented to isolate vulnerable devices from critical infrastructure. Employing network intrusion detection systems (NIDS) to monitor for suspicious command injection attempts targeting CGI parameters can provide early warning. Additionally, replacing affected routers with models from vendors with active security support may be warranted for high-risk environments. Regularly auditing router configurations and applying the principle of least privilege for network access will further reduce exposure. Finally, educating users about the risks of using outdated firmware and ensuring timely updates is essential.