CVE-2025-22997

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 15, 2025

CWE ID 79

Summary

CVE-2025-22997 is a stored cross-site scripting (XSS) vulnerability affecting the prf_table_content component in the Linksys E5600 Router with firmware version 1.1.0.26. Attackers can exploit this issue by injecting malicious scripts into the desc parameter, allowing them to execute arbitrary web scripts or HTML on unsuspecting users visiting the affected router's web interface. Successful exploitation could lead to unauthorized access, data theft, or other malicious activities. Users are advised to update their router firmware to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

E5600

Affected Vendors

Linksys

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2T_Fvc
https://www.cve.org/CVERecord?id=CVE-2025-22997
https://nvd.nist.gov/vuln/detail/CVE-2025-22997

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners