CVE-2025-9483 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, specifically in firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the function singlePortForwardAdd within the /goform/singlePortForwardAdd endpoint. This function improperly handles the input parameters ruleName, schedule, and inboundFilter, allowing an attacker to craft malicious input that causes a stack-based buffer overflow. This type of vulnerability can lead to arbitrary code execution or denial of service. The attack vector is remote network access, requiring no user interaction or prior authentication, which significantly increases the risk. The CVSS 4.0 score is 8.7 (high), reflecting the ease of exploitation (network attack vector, low complexity), no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although the vendor was notified early, no response or patch has been released, and an exploit has been published publicly, increasing the likelihood of exploitation. The vulnerability affects the core functionality of port forwarding configuration, which is commonly used in home and small office network setups to expose internal services externally. Exploitation could allow attackers to gain control over the device, pivot into internal networks, intercept or manipulate traffic, or disrupt network availability.

For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Linksys range extenders for network connectivity, this vulnerability poses a significant risk. Compromise of these devices can lead to unauthorized network access, data interception, and lateral movement within corporate or home networks. Given the remote exploitability without authentication, attackers can target vulnerable devices en masse, potentially creating botnets or launching further attacks against internal resources. The lack of vendor response and patches increases exposure time, raising the risk of widespread exploitation. Critical infrastructure or organizations with remote workers using these devices may face confidentiality breaches, integrity violations through traffic manipulation, and availability disruptions due to device crashes or reboots. The vulnerability could also be leveraged in supply chain attacks or as a foothold for ransomware campaigns targeting European entities.

Immediate mitigation steps include isolating vulnerable Linksys range extenders from critical network segments and restricting remote management access to trusted IP addresses only. Network administrators should disable port forwarding features if not strictly necessary or replace affected devices with models from vendors with timely security support. Employ network-level protections such as intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious traffic targeting the /goform/singlePortForwardAdd endpoint. Regularly scan networks for vulnerable device firmware versions and maintain an asset inventory to identify at-risk devices. Since no official patches are available, organizations should consider deploying network segmentation and strict firewall rules to limit exposure. Additionally, monitoring for unusual device behavior or network traffic anomalies can help detect exploitation attempts early. Engage with Linksys support channels to demand timely remediation and subscribe to vulnerability intelligence feeds for updates. Finally, educate users about the risks of using outdated network devices and encourage prompt hardware upgrades where feasible.