CVE-2025-60693 is a stack-based buffer overflow vulnerability identified in the get_merge_mac function within the httpd binary of Linksys E1200 v2 routers, specifically firmware version E1200_v2.0.11.001_us.tar.gz. The vulnerability stems from improper bounds checking when concatenating up to six user-supplied CGI parameters named <parameter>_0 through <parameter>_5 into a fixed-size buffer (referred to as a2). During this concatenation, colon delimiters are appended between parameters, but the function fails to verify that the combined length fits within the allocated buffer, leading to a classic stack buffer overflow condition. This flaw can be triggered remotely by sending specially crafted HTTP requests containing these parameters, without requiring any authentication or user interaction. Successful exploitation can allow attackers to execute arbitrary code on the router, potentially gaining full control over the device, or cause a denial of service by crashing the httpd process. The router’s httpd service is typically exposed on local networks and sometimes on WAN interfaces if remote management is enabled, increasing the attack surface. No CVSS score has been assigned yet, and no patches or official mitigations have been released as of the publication date (November 13, 2025). No known exploits have been observed in the wild, but the vulnerability’s characteristics suggest it is highly exploitable. The affected firmware version is specific, but many organizations may still be using this version due to delayed updates or lack of awareness. The vulnerability’s exploitation could compromise network perimeter security, allowing attackers to pivot into internal networks or disrupt critical services relying on these routers.

For European organizations, the impact of CVE-2025-60693 can be significant. Linksys E1200 v2 routers are commonly used in small to medium-sized business environments and home offices, which are often less rigorously managed than enterprise-grade equipment. Exploitation could lead to full compromise of the router, enabling attackers to intercept, modify, or redirect network traffic, potentially exposing sensitive data or enabling lateral movement within corporate networks. Denial of service conditions could disrupt internet connectivity, impacting business operations. In sectors such as finance, healthcare, and critical infrastructure, where network reliability and data confidentiality are paramount, such a compromise could have severe operational and reputational consequences. The lack of authentication for exploitation increases risk, especially if remote management interfaces are exposed or if attackers gain access to internal networks. Additionally, compromised routers could be used as footholds for launching further attacks or as part of botnets, amplifying the threat landscape for European organizations.

To mitigate CVE-2025-60693, European organizations should first identify any Linksys E1200 v2 routers running the vulnerable firmware version (E1200_v2.0.11.001_us.tar.gz). Immediate steps include disabling remote management interfaces exposed to the internet to reduce attack surface. Network segmentation should be enforced to isolate vulnerable routers from critical internal systems. Monitoring HTTP traffic for unusual or malformed CGI parameter patterns targeting the get_merge_mac function can help detect exploitation attempts. Where possible, upgrade to a newer firmware version that addresses this vulnerability once available. If no patch exists, consider replacing affected devices with more secure alternatives. Employ intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect buffer overflow attempts targeting Linksys routers. Regularly audit router configurations and restrict administrative access to trusted personnel and networks. Finally, educate users and administrators about the risks of outdated firmware and the importance of timely updates.