CVE Catalog

CVE-2025-22904

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.61%

45th percentile - higher than 45% of all known CVEs

Summary

A stack overflow vulnerability was discovered in RE11S v1.11 via the pptpUserName parameter in the setWAN function. This flaw could allow an attacker to execute arbitrary code or cause a denial of service.

Risk Assessment

The risk for the organization includes potential takeover of the network device, leading to network compromise, data leakage, or service disruption.

Recommendation

Immediately update the RE11S firmware to the latest version if a patch is available. If not, restrict access to the device's management interface to trusted networks only.

Original NVD description (English source)

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS