Buffer Overflow Vulnerability in Linksys E7350 Routers
CVE-2025-60695
What is CVE-2025-60695?
A stack-based buffer overflow has been identified in the mtk_dut binary of Linksys E7350 routers running firmware 1.1.00.032. The flaw is in the sub_4045A8 function, which processes user input without proper bounds checks: it reads up to 256 bytes from the path /sys/class/net/%s/address into a local buffer and then copies that data into a caller-supplied buffer (a1) with strcpy. Because a1 is typically allocated with a much smaller capacity (20 to 32 bytes), an attacker with local access can trigger a buffer overflow. The consequences range from memory corruption to denial of service or arbitrary code execution.
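The copy pattern described above, next to a bounded replacement, as an added C example (not code from the firmware or from Linksys). All function names are hypothetical, the file path is passed in directly rather than built from an interface name, and write_sample only creates constructed input so the example runs offline.

```c
#include <stdio.h>
#include <string.h>

#define ADDR_LINE_MAX 256 /* local buffer size given in the advisory */

/* Reads the first line of path into line and strips the newline. */
static int read_addr_line(const char *path, char line[ADDR_LINE_MAX])
{
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    if (!fgets(line, ADDR_LINE_MAX, fp)) { fclose(fp); return -1; }
    fclose(fp);
    line[strcspn(line, "\r\n")] = '\0';
    return 0;
}

/* Pattern as the advisory describes it: up to 255 characters are copied
 * into out, which callers size at 20 to 32 bytes. Shown for comparison. */
void get_addr_unsafe(const char *path, char *out)
{
    char line[ADDR_LINE_MAX];
    if (read_addr_line(path, line) == 0) strcpy(out, line); /* unbounded */
}

/* Bounded form: the caller passes out's capacity and oversized input is
 * rejected, not truncated. Returns 0 on success, -1 on any failure. */
int get_addr_safe(const char *path, char *out, size_t out_len)
{
    char line[ADDR_LINE_MAX];
    size_t n;

    if (!path || !out || out_len == 0) return -1;
    out[0] = '\0';
    if (read_addr_line(path, line) != 0) return -1;
    n = strlen(line);
    if (n >= out_len) return -1; /* would not fit with its NUL */
    memcpy(out, line, n + 1);
    return 0;
}

/* Writes constructed sample content to path (test data only). */
int write_sample(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fputs(text, fp);
    return fclose(fp) == 0 ? 0 : -1;
}
```

Rejecting instead of truncating means a caller never works with a partial address, and the return value gives it a failure it can log.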
