CVE-2025-9250 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, across firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the function setPWDbyBBS within the /goform/setPWDbyBBS endpoint. Specifically, improper handling and insufficient bounds checking of the 'hint' argument allows an attacker to overflow the stack buffer. This overflow can be triggered remotely without authentication or user interaction, enabling potential arbitrary code execution or denial of service. The vulnerability has a CVSS 4.0 base score of 8.7, indicating a high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although the vendor was notified early, no patch or response has been provided, and while no known exploits are currently observed in the wild, public exploit code is available, increasing the risk of exploitation. The vulnerability's remote attack vector and the critical nature of the affected devices, which serve as network extenders, make this a significant threat to network security and stability.

For European organizations, this vulnerability poses a substantial risk as Linksys range extenders are commonly deployed in both enterprise and home office environments to enhance wireless network coverage. Exploitation could lead to unauthorized remote code execution, allowing attackers to compromise network integrity, intercept or manipulate sensitive data, or disrupt network availability. This could facilitate lateral movement within corporate networks, data exfiltration, or serve as a foothold for further attacks. Given the lack of vendor patches, organizations face prolonged exposure. The impact is particularly critical for sectors relying on stable and secure wireless infrastructure, such as finance, healthcare, and government agencies, where network compromise could lead to regulatory non-compliance and operational disruption.

Organizations should immediately inventory their network infrastructure to identify the presence of affected Linksys range extender models and firmware versions. Given the absence of vendor patches, mitigation should focus on network-level controls: isolate affected devices on segmented VLANs with strict access controls; restrict inbound access to the management interface of these devices from untrusted networks; implement firewall rules to block access to the /goform/setPWDbyBBS endpoint; monitor network traffic for anomalous requests targeting this endpoint. Additionally, consider replacing vulnerable devices with models from vendors providing timely security updates. Employ network intrusion detection systems (NIDS) with signatures tuned to detect exploitation attempts of this vulnerability. Regularly review and update wireless device firmware and configurations, and maintain an incident response plan to address potential exploitation.