CVE-2025-9360 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, specifically in firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the function accessControlAdd within the /goform/accessControlAdd endpoint. This function improperly handles the input parameters ruleName and schedule, allowing an attacker to craft malicious input that overflows the stack buffer. The overflow can be triggered remotely without authentication or user interaction, making it highly exploitable. The CVSS v4.0 score is 8.7 (high), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and a high impact on confidentiality, integrity, and availability. The vulnerability allows an attacker to execute arbitrary code or cause denial of service on the affected device, potentially compromising the network segment behind the range extender. Although the vendor was notified early, no patch or response has been provided, and no known exploits have been observed in the wild yet. Given the public disclosure and exploitability, this vulnerability poses a significant risk to users of these Linksys devices.

For European organizations, this vulnerability could have serious consequences. Linksys range extenders are commonly used in both home and small office environments to improve Wi-Fi coverage. Compromise of these devices could allow attackers to gain a foothold inside corporate or home networks, intercept or manipulate traffic, and pivot to other internal systems. The ability to execute arbitrary code remotely without authentication increases the risk of widespread exploitation, especially in environments where these devices are deployed without strict network segmentation or monitoring. This could lead to data breaches, disruption of network services, or use of compromised devices as part of botnets. The lack of vendor response and patches increases the window of exposure. Organizations relying on these devices for network extension should consider the risk to confidentiality, integrity, and availability of their network communications and connected assets.

Given the absence of vendor patches, European organizations should take immediate practical steps: 1) Identify and inventory all affected Linksys range extender models and firmware versions within their networks. 2) Where possible, disable remote management interfaces or restrict access to trusted IP addresses to prevent remote exploitation. 3) Segment the network so that range extenders are isolated from critical systems and sensitive data. 4) Monitor network traffic for unusual activity originating from or targeting these devices, including unexpected connections to /goform/accessControlAdd endpoints. 5) Consider replacing vulnerable devices with models from vendors that provide timely security updates. 6) If replacement is not immediately feasible, implement compensating controls such as VPNs or firewall rules to limit exposure. 7) Stay alert for any future patches or advisories from Linksys or security communities and apply updates promptly once available.