
CVE-2025-9362: Stack-based Buffer Overflow in Linksys RE6250

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-9362
Published: Sat Aug 23 2025 (08/23/2025, 13:32:06 UTC)
Source: CVE Database V5
Vendor/Project: Linksys
Product: RE6250

Description

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/31/2025, 01:07:38 UTC

Technical Analysis

CVE-2025-9362 is a medium-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, specifically in firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the urlFilterManageRule function within the /goform/urlFilterManageRule endpoint. This function processes parameters such as urlFilterRuleName, scheduleUrl, and addURLFilter. Improper handling of these arguments allows an attacker to trigger a stack-based buffer overflow remotely without requiring authentication or user interaction. The overflow can potentially lead to arbitrary code execution or denial of service on the affected device. The vulnerability has a CVSS 4.0 base score of 5.3, indicating a medium severity level, with an attack vector of network (remote), low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. Despite early notification, the vendor has not responded or released patches, and no known exploits have been observed in the wild yet. This lack of vendor response increases the risk for users as no official remediation is currently available.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to network infrastructure relying on the affected Linksys range extenders. Exploitation could allow remote attackers to compromise these devices, potentially gaining control over network traffic filtering rules or causing device outages. This can lead to degraded network performance, disruption of business operations, and possible lateral movement within internal networks if attackers leverage the compromised devices as footholds. Confidentiality risks are limited but not negligible, as attackers might manipulate URL filtering to bypass security controls or intercept traffic. The absence of vendor patches increases exposure time, especially in environments where these devices are deployed in critical network segments or remote office locations. Organizations using these devices without compensating controls may face increased risk of targeted attacks or automated scanning attempts exploiting this flaw.

Mitigation Recommendations

Given the lack of official patches, European organizations should take immediate compensatory measures:

1) Identify and inventory all affected Linksys range extender models and firmware versions in their networks.
2) Isolate vulnerable devices from untrusted networks, especially the internet, by placing them behind firewalls or restricting management interfaces to trusted IP addresses only.
3) Disable or restrict the urlFilterManageRule functionality if possible, or disable remote management features to reduce attack surface.
4) Monitor network traffic and device logs for unusual requests targeting /goform/urlFilterManageRule or signs of buffer overflow exploitation attempts.
5) Consider replacing vulnerable devices with updated hardware or alternative products from vendors with active security support.
6) Implement network segmentation to limit potential lateral movement from compromised devices.
7) Stay alert for vendor updates or community-developed patches and apply them promptly once available.
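The monitoring in recommendation 4, as an added example (not code from the original page or from the vendor): it triages access-log lines for requests to /goform/urlFilterManageRule, noting sources outside a management allowlist and unusually long values in the three named parameters. The log layout (a proxy or firewall in front of the extender that records request length), the allowlist network, the length thresholds and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/urlFilterManageRule"                        # from the advisory
PARAMS = ("urlFilterRuleName", "scheduleUrl", "addURLFilter")   # from the advisory
TRUSTED_MGMT = [ipaddress.ip_network("10.0.5.0/28")]  # assumption: admin workstations
MAX_PARAM_LEN = 64       # assumption: tune to the longest legitimate rule value
MAX_REQUEST_LEN = 1024   # assumption: tune to normal form submissions

# Assumed log layout: src [time] "METHOD target HTTP/x" status request_length
LINE_RE = re.compile(
    r'^(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<reqlen>\d+)$'
)

# Constructed sample lines, not taken from any real device or incident.
SAMPLE_LOG = [
    '10.0.5.3 [23/Aug/2025:14:02:11 +0000] "POST /goform/urlFilterManageRule HTTP/1.1" 200 212',
    '192.168.1.77 [23/Aug/2025:14:05:40 +0000] "POST /goform/urlFilterManageRule HTTP/1.1" 200 4096',
    '192.168.1.77 [23/Aug/2025:14:05:41 +0000] "GET /index.html HTTP/1.1" 200 180',
    '10.0.5.3 [23/Aug/2025:14:09:02 +0000] "GET /goform/urlFilterManageRule?urlFilterRuleName='
    + "x" * 200 + ' HTTP/1.1" 200 300',
]

def triage(line):
    """Return (src, timestamp, reasons) for a request to the endpoint, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.rstrip("/").lower() != ENDPOINT.lower():
        return None
    reasons = ["request to " + ENDPOINT]   # every hit is worth a look while unpatched
    if not any(ipaddress.ip_address(m["src"]) in net for net in TRUSTED_MGMT):
        reasons.append("source outside management allowlist")
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name in PARAMS and any(len(v) > MAX_PARAM_LEN for v in values):
            reasons.append("oversized " + name)
    if int(m["reqlen"]) > MAX_REQUEST_LEN:  # catches long values sent in a POST body
        reasons.append("oversized request")
    return m["src"], m["ts"], reasons

def scan(lines):
    """Triage every line and keep only the requests that touched the endpoint."""
    return [hit for hit in map(triage, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
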


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-22T15:40:30.483Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68a9c681ad5a09ad00296a19

Added to database: 8/23/2025, 1:47:45 PM

Last enriched: 8/31/2025, 1:07:38 AM

Last updated: 10/8/2025, 5:15:07 AM
