CVE Catalog

CVE-2025-44654

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.02%

59th percentile - higher than 59% of all known CVEs

Summary

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Risk Assessment

The organization faces the risk of device compromise, sensitive data leakage, and potential lateral movement within the internal network from the compromised server.

Recommendation

It is recommended to immediately disable the chroot_local_user option in the vsftpd configuration and update the Linksys E2500 firmware to the latest available version.

Original NVD description (English source)

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS