Privilege Escalation Risk in Linksys Router Software by Linksys
CVE-2025-44657

Key Information:

Vendor: Linksys
CVE Published: 21 July 2025

What is CVE-2025-44657?

The Linksys EA6350 router software version 2.1.2 contains a configuration flaw: the chroot_local_user option is enabled in the dynamically generated vsftpd configuration. This vulnerability can result in unauthorized access to system files and may allow attackers to escalate privileges. A compromised device could also serve as a pivot point for further attacks within the internal network, which heightens the security risk associated with this router model.

CVSS V3.1

Score: 3.9
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
