Path Traversal Vulnerability in Buffalo WXR9300BE6P Series Firmware
CVE-2025-61941

8.6HIGH

Key Information:

Vendor: Buffalo Inc.
Status: Wxr9300be6p Series
Vendor: CVE Published:; 15 October 2025

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2025-61941?

A path traversal flaw has been identified in the firmware of the Buffalo WXR9300BE6P series prior to version 1.10. This vulnerability allows an authenticated administrative user to modify arbitrary files, potentially leading to unauthorized access or manipulation of system operations. Moreover, it may enable the execution of arbitrary operating system commands through specific file changes, posing significant security risks to the affected device.

Affected Version(s)

WXR9300BE6P series firmware versions prior to Ver.1.10

References

https://www.buffalo.jp/news/detail/20251014-01.html

https://jvn.jp/en/vu/JVNVU96471278/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 14, 2025

JSON