CVE-2025-9361 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, specifically in firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the ipRangeBlockManageRule function within the /goform/ipRangeBlockManageRule endpoint. By manipulating the input parameters ipRangeBlockRuleName, scheduleIp, or ipRangeBlockRuleIpAddr, an attacker can trigger a stack-based buffer overflow. This type of overflow can lead to arbitrary code execution, denial of service, or system compromise. The vulnerability is remotely exploitable without user interaction or authentication, increasing its risk profile. The CVSS 4.0 base score is 8.7, indicating a high severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). The exploit details have been publicly disclosed, but no patches or vendor responses have been provided yet, leaving affected devices vulnerable to potential exploitation. The lack of vendor response and patch availability heightens the urgency for mitigation and risk management.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Linksys range extenders in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially gaining control over the affected device. This can lead to network disruption, interception or manipulation of network traffic, lateral movement within corporate networks, and compromise of sensitive data. Given that these devices often serve as network extenders or Wi-Fi access points, their compromise could undermine network availability and integrity, affecting business operations and data confidentiality. The absence of vendor patches increases the risk of exploitation, particularly in environments where these devices are deployed without strict network segmentation or monitoring. Additionally, the vulnerability could be leveraged as a foothold for broader attacks targeting European organizations, including espionage or ransomware campaigns. The high severity and ease of exploitation without authentication make this a critical concern for IT security teams in Europe.

In the absence of official patches from Linksys, European organizations should implement immediate compensating controls. First, isolate affected Linksys range extenders from critical network segments to limit potential lateral movement. Disable remote management interfaces or restrict access to trusted IP addresses only. Employ network-level filtering to block access to the /goform/ipRangeBlockManageRule endpoint or related management URLs. Monitor network traffic for unusual patterns or attempts to exploit this vulnerability, using intrusion detection/prevention systems with custom signatures if necessary. Consider replacing vulnerable devices with alternative hardware from vendors with active security support. Additionally, maintain strict network segmentation and enforce strong access controls around wireless infrastructure. Regularly audit device firmware versions and configurations to identify and remediate vulnerable units. Finally, stay alert for any vendor updates or security advisories that may provide patches or further guidance.