
CVE-2025-8832: Stack-based Buffer Overflow in Linksys RE6250

High
Published: Mon Aug 11 2025 (08/11/2025, 05:32:06 UTC)
Source: CVE Database V5
Vendor/Project: Linksys
Product: RE6250

Description

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AI analysis last updated: 08/11/2025, 06:02:46 UTC

Technical Analysis

CVE-2025-8832 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys Wi-Fi range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, in firmware versions up to 20250801. The vulnerability resides in the setDMZ function behind the /goform/setDMZ endpoint, where improper handling of the DMZIPAddress argument allows an attacker to overflow a stack buffer. The flaw can be exploited remotely without user interaction or prior authentication, making it highly accessible to attackers. The buffer overflow can lead to arbitrary code execution, potentially allowing attackers to take full control of the affected device. Despite early notification, Linksys has not responded or released a patch, and a public exploit has been disclosed, increasing the risk of exploitation. The CVSS 4.0 score of 8.7 reflects the vulnerability's high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction required. Exploitation could disrupt network operations, compromise network traffic, or serve as a foothold for lateral movement within corporate or home networks relying on these devices.

Potential Impact

For European organizations, this vulnerability poses significant risks, especially for enterprises and SMEs that deploy Linksys range extenders to improve Wi-Fi coverage in offices, warehouses, or remote sites. Exploitation could lead to unauthorized access to internal networks, interception or manipulation of sensitive data, and disruption of network services. Given the remote exploitability and lack of authentication, attackers could leverage this vulnerability to establish persistent backdoors or launch further attacks against connected systems. The absence of vendor patches exacerbates the threat, increasing the likelihood of exploitation in the wild. Critical infrastructure operators and organizations handling sensitive personal or business data in Europe could face data breaches, operational downtime, and reputational damage. Additionally, home users in Europe using these devices could inadvertently become part of botnets or attack platforms, indirectly impacting broader organizational security.

Mitigation Recommendations

Since no official patch is currently available from Linksys, European organizations should implement immediate compensating controls. These include isolating affected range extenders in segmented network zones with strict firewall rules that limit inbound traffic to trusted sources only. Disable or restrict remote management interfaces, especially access to the /goform/setDMZ endpoint, through network access control lists or device configuration where possible. Monitor network traffic for unusual patterns or attempts to exploit the DMZIPAddress parameter. Employ intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability once available. Consider replacing vulnerable devices with alternative models or vendors that provide timely security updates. Regularly audit network devices for firmware versions and maintain an inventory to identify and prioritize remediation. Finally, educate IT staff and users about the risks and signs of compromise related to network devices.
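One way to implement the monitoring step above, as an added example that is not part of the original advisory or any vendor tooling: a check over reassembled HTTP requests (from a proxy or packet capture) that flags requests to /goform/setDMZ whose DMZIPAddress value is not a plausible IPv4 address. It assumes the argument travels in the query string or a form-encoded body; the function names, host name and sample requests are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/setDMZ"  # path named in the advisory
PARAM = "DMZIPAddress"       # argument named in the advisory
MAX_IPV4_LEN = 15            # longest dotted quad: "255.255.255.255"


def dmz_values(raw_request: bytes):
    """DMZIPAddress values in a raw request to the endpoint, else None."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return None
    target = urlsplit(parts[1])
    if target.path.rstrip("/").lower() != ENDPOINT.lower():
        return None
    # Assumed carriers: query string or form body (parse_qsl percent-decodes).
    pairs = parse_qsl(target.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [value for key, value in pairs if key == PARAM]


def classify(raw_request: bytes) -> str:
    values = dmz_values(raw_request)
    if values is None:
        return "ignore"
    for value in values:
        if len(value) > MAX_IPV4_LEN:
            return "alert:oversized"
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            return "alert:malformed"
    return "review"  # well-formed, but any request to this endpoint is notable


# Constructed sample requests (not captured traffic).
PREFIX = b"POST /goform/setDMZ HTTP/1.1\r\nHost: extender.example\r\n\r\n"
SAMPLES = {
    "normal": PREFIX + b"DMZIPAddress=192.168.1.50",
    "oversized": PREFIX + b"DMZIPAddress=" + b"x" * 64,
    "malformed": PREFIX + b"DMZIPAddress=192.168.1",
    "other": b"GET /index.html HTTP/1.1\r\nHost: extender.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name:10s} {classify(request)}")
```

The "review" label is deliberate: on a range extender, DMZ changes are rare, so even a well-formed request to this endpoint from an unexpected source deserves a look.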


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-10T07:54:15.447Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 689983f8ad5a09ad002105f5

Added to database: 8/11/2025, 5:47:36 AM

Last enriched: 8/11/2025, 6:02:46 AM

Last updated: 8/11/2025, 7:58:16 AM
