CVE-2026-25603 Linksys — Exploit & Vulnerability Details MEDIUM

CVE-2026-25603

MEDIUM CVSS 3.1: 6.6 EPSS 0.04%

Parameter	Value
CVSS	6.6 (MEDIUM)
Type	CWE-22 (Path Traversal)
Vendor	Linksys
Public PoC	No

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Attack Parameters

Attack Vector

Physical

Requires physical access

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

References 1

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.…

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4558

Linksys

7.4

CVE-2025-34037

Linksys

10.0

Menu

CVE-2026-25603

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4558

CVE-2025-34037

CVE Details

Editor's Choice

Menu

CVE-2026-25603

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4558

CVE-2025-34037

CVE Details

Editor's Choice

Stay informed on cybersecurity