CVE-2025-25246

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 5, 2025

CWE ID 94

Summary

CVE-2025-25246 is a remote code execution vulnerability affecting NETGEAR XR1000 versions before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134. This issue allows unauthenticated users to execute arbitrary code on the affected devices, posing a significant risk to network security. Attackers can exploit this vulnerability by sending specially crafted packets to the targeted device, leading to potential compromise and data theft. Users are advised to update their devices to the latest firmware version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3EmEan
https://www.cve.org/CVERecord?id=CVE-2025-25246
https://nvd.nist.gov/vuln/detail/CVE-2025-25246

Back to Vulnerability Database

CVE-2025-25246

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations