Stack-Based Buffer Overflow in Linksys E1200 v2 Router
CVE-2025-60693

6.5MEDIUM

Key Information:

Vendor: Linksys
Status: Linksys E1200 v2 Router
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-60693?

A stack-based buffer overflow vulnerability has been identified in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers. This flaw arises when the function concatenates up to six user-supplied CGI parameters into a fixed-size buffer without adequate bounds checking, thus appending colon delimiters. Attackers can remotely exploit this vulnerability through specially crafted HTTP requests, leading to arbitrary code execution or potential denial of service. It poses a significant risk as it can be exploited without authentication, allowing unauthorized users to wreak havoc on affected devices.

References

http://linksys.com

https://www.linksys.com/

https://github.com/yifan20020708/SGTaint-0-day/blob/main/...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60693 Data

JSON