CVE-2025-44654
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk59th percentile - higher than 59% of all known CVEs
Summary
In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
Risk Assessment
The organization faces the risk of device compromise, sensitive data leakage, and potential lateral movement within the internal network from the compromised server.
Recommendation
It is recommended to immediately disable the chroot_local_user option in the vsftpd configuration and update the Linksys E2500 firmware to the latest available version.
Original NVD description (English source)
In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

