CVE-2025-61941 is a path traversal vulnerability identified in BUFFALO INC.'s WXR9300BE6P series routers running firmware versions prior to 1.10. The flaw stems from insufficient validation and restriction of file pathnames within the device's firmware, allowing an authenticated administrative user to traverse directories outside intended boundaries. This enables the attacker to alter arbitrary files on the device's filesystem, which can lead to unauthorized modifications of configuration or system files. Furthermore, the vulnerability allows execution of arbitrary operating system commands through crafted file alterations, potentially leading to full device compromise. The vulnerability does not require user interaction beyond administrative login, and the attack vector is network-based, making remote exploitation feasible for authorized users. The CVSS 3.0 base score of 7.2 reflects the vulnerability's high impact on confidentiality, integrity, and availability, combined with low attack complexity and the requirement for high privileges (administrative access). No public exploits have been reported yet, but the potential for misuse in targeted attacks or insider threats is significant. The vulnerability affects all firmware versions prior to 1.10, emphasizing the need for prompt firmware updates. The root cause is improper pathname limitation, a common security oversight in embedded device firmware, which can be mitigated by rigorous input validation and sandboxing techniques.

For European organizations, exploitation of CVE-2025-61941 could lead to severe consequences including unauthorized disclosure of sensitive configuration data, disruption of network services due to device compromise, and potential lateral movement within internal networks. Given that the vulnerability requires administrative credentials, the risk is heightened in environments where credential management is weak or where insider threats exist. Critical infrastructure sectors relying on BUFFALO WXR9300BE6P routers for network connectivity could face operational disruptions, data breaches, and loss of control over network devices. The ability to execute arbitrary OS commands elevates the threat to full device takeover, enabling attackers to install persistent malware or pivot to other systems. This could impact confidentiality, integrity, and availability of organizational data and services. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits rapidly after vulnerability disclosure. European enterprises with remote management enabled on these devices are particularly vulnerable to remote exploitation. The impact extends to compliance risks under GDPR if personal data is exposed due to device compromise.

Organizations should immediately verify the firmware version of all BUFFALO WXR9300BE6P devices and upgrade to version 1.10 or later where the vulnerability is patched. If firmware upgrade is not immediately possible, restrict administrative access to trusted networks and enforce strong authentication mechanisms such as multi-factor authentication. Disable remote administration interfaces unless absolutely necessary, and monitor administrative login activity for anomalies. Implement network segmentation to isolate vulnerable devices from critical systems. Regularly audit device configurations and logs to detect unauthorized file changes or command executions. Employ intrusion detection systems capable of recognizing suspicious command patterns or file system modifications on network devices. Educate administrators on the risks of credential compromise and enforce strict password policies. Consider deploying endpoint detection and response (EDR) solutions on management workstations to detect potential exploitation attempts. Coordinate with BUFFALO support for any additional security advisories or patches. Finally, maintain an incident response plan tailored to network device compromises.