CVE-2025-44657
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
Risk Assessment
The organization faces the risk of router compromise, potentially allowing attackers to access sensitive data, escalate privileges, and launch attacks against other devices on the internal network.
Recommendation
It is recommended to immediately update the Linksys EA6350 firmware to the latest available version and disable the chroot_local_user option in the vsftpd configuration if possible.
Original NVD description (English source)
In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

