CVE Catalog

CVE-2025-44657

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Risk Assessment

The organization faces the risk of router compromise, potentially allowing attackers to access sensitive data, escalate privileges, and launch attacks against other devices on the internal network.

Recommendation

It is recommended to immediately update the Linksys EA6350 firmware to the latest available version and disable the chroot_local_user option in the vsftpd configuration if possible.

Original NVD description (English source)

In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS