CVE-2025-65883 is a vulnerability identified in the Genexis Platinum P4410 router running firmware version P4410-V2–1.41. The root cause is improper session management, specifically the failure to invalidate administrator session tokens upon logout. When an administrator logs out, the session token remains valid, allowing an attacker on the local network to reuse this stale token. By sending specially crafted requests to the router’s diagnostic endpoint, the attacker can execute arbitrary commands with root privileges, effectively achieving remote code execution (RCE). This vulnerability is classified under CWE-613 (Insufficient Session Expiration). The CVSS v3.1 base score is 8.4, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are currently reported, the vulnerability’s nature allows an attacker with local network access to fully compromise the device. The affected firmware version is specifically P4410-V2–1.41, with no patches currently listed, emphasizing the need for vendor action. The diagnostic endpoint is a critical attack surface, and the failure to invalidate sessions post-logout is a serious security oversight. This vulnerability could be leveraged to pivot into internal networks, intercept or manipulate traffic, or disrupt network services.

For European organizations, this vulnerability poses a significant risk to network security, especially for those using Genexis Platinum P4410 routers in their infrastructure. Successful exploitation grants attackers root-level control over the router, enabling them to intercept, modify, or redirect network traffic, deploy further malware, or disrupt network availability. This could lead to data breaches, loss of service, or compromise of connected systems. Critical sectors such as telecommunications, government, finance, and energy that rely on secure and stable network infrastructure are particularly vulnerable. The local network attack vector means that attackers must have access to the internal network, which could be achieved via compromised devices, insider threats, or physical access. Given the high impact on confidentiality, integrity, and availability, organizations could face regulatory penalties under GDPR if personal data is compromised. The lack of a patch increases the urgency for interim mitigations. The vulnerability also raises concerns for managed service providers and ISPs deploying these routers in customer premises equipment (CPE), potentially affecting a broad user base across Europe.

Immediate mitigation should focus on restricting local network access to the Genexis Platinum P4410 routers. Network segmentation should be enforced to isolate management interfaces from general user networks. Strong access controls and monitoring for unusual activity on the diagnostic endpoint are critical. Administrators should avoid using the vulnerable firmware version and seek updates or patches from Genexis as a priority. If patches are unavailable, consider replacing affected devices or disabling the diagnostic endpoint if possible. Implement network-level protections such as firewall rules to limit access to router management interfaces. Regularly audit session management behavior and monitor for reuse of stale tokens. Employ intrusion detection systems to detect anomalous command execution attempts. Educate staff about the risks of local network threats and enforce strict physical security controls to prevent unauthorized local access. Finally, maintain updated inventories of affected devices to prioritize remediation efforts.