CVE-2025-29230

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Mar 21, 2025

Updated: Apr 1, 2025

CWE ID 77

Summary

CVE-2025-29230 is a command injection vulnerability affecting the Linksys E5600 v1.1.0.26 router's runtime.emailReg function. An attacker can exploit this vulnerability by manipulating the `pt["email"]` parameter, allowing them to inject and execute malicious commands on the affected device. This issue poses a significant risk to network security, as an attacker could gain unauthorized administrative access, install malware, or steal sensitive user information. Users are strongly encouraged to update their router firmware to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/4OFjbu
https://www.cve.org/CVERecord?id=CVE-2025-29230
https://nvd.nist.gov/vuln/detail/CVE-2025-29230

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners

CVE-2025-29230

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations