CVE-2025-45488: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex...

9.8 CVSS

Description

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.

Classification

CVE ID: CVE-2025-45488

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.89% (probability of being exploited)

EPSS Percentile: 74.41% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-45488
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.pdf
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.py

Timeline

2025-05-06 16:40:17 UTC
CVE

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex...