Router CVE Weekly Digest — Week of Jun 9, 2025

Published June 9, 2025 · RouterCVE Weekly Digest

16 CVEs · 4 High · 7 Medium · 1 Low

Affected Vendors

  • Fortinet — 7 CVEs (all medium severity)
  • Palo Alto Networks — 7 CVEs (2 high, 5 medium/low/unassigned)
  • Netgear — 1 CVE (high severity)
  • TP-Link — 1 CVE (high severity)

Critical Vulnerabilities This Week

This week brought 16 new router and network appliance CVEs, with four rated high severity. Three of these demand immediate attention from administrators managing affected infrastructure.

CVE-2025-5934 (CVSS 8.8) affects Netgear EX3700 extenders up to firmware version 1.0.0.88 and involves a stack-based buffer overflow in the /mtd file. This is a classic remote code execution pathway that could allow unauthenticated attackers to compromise devices. If you operate Netgear EX3700 units, verify your firmware version immediately and check Netgear's support portal for patches.

CVE-2025-5875 (CVSS 8.8) targets TP-Link TL-IPC544EP-W4 IP cameras (version 1.0.9 Build 240428 Rel 69493n) with a similar stack-based buffer overflow in /bin/main. While this is technically a camera rather than a router, many deployments integrate IP cameras into managed network environments. Check your TP-Link device inventory and contact TP-Link support for firmware updates.

CVE-2025-4232 (CVSS 8.8) in Palo Alto Networks GlobalProtect on macOS allows non-administrative users to escalate privileges via a wildcard neutralization flaw in the log collection feature. This affects endpoint security posture and should be prioritized if you manage GlobalProtect deployments. Update to the latest GlobalProtect app immediately.

CVE-2025-4231 (CVSS 7.2) is a command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators to execute commands as root. While this requires admin access, it represents a privilege escalation risk. Apply available patches to your PAN-OS instances as soon as testing permits.

Fortinet Issues — Widespread but Moderate Risk

Fortinet accounts for seven CVEs this week, all rated medium severity. While none reach the critical threshold, the breadth of affected products warrants attention:

  • CVE-2025-22254 (CVSS 6.6): Privilege management flaw in FortiOS 7.6.0–7.6.1, 7.4.0–7.4.6, and 7.2.0–7.2.10. This could allow authenticated attackers to escalate privileges.
  • CVE-2025-22256 (CVSS 6.3): Insufficient permissions handling in FortiPAM and FortiSRA across multiple versions (1.0.0 through 1.4.1).
  • CVE-2024-50568 (CVSS 5.9): Channel accessibility issue in FortiOS 7.4.0–7.4.3 and FortiProxy 7.4.0–7.4.3.
  • CVE-2024-54019 (CVSS 4.8): Certificate validation bypass in FortiClient Windows affecting versions 7.0–7.4.0.
  • CVE-2024-32119 (CVSS 4.8): Improper authentication in FortiClient EMS 7.4.0 and earlier, allowing attackers with knowledge of a user's FCTUID to bypass authentication.
  • CVE-2024-45329 (CVSS 4.3): Authorization bypass in FortiPortal 7.0–7.4 via user-controlled keys.
  • CVE-2023-48786 (CVSS 4.3): SSRF vulnerability in FortiClient EMS 7.2.6 and earlier.

Recommended action: Review your Fortinet estate and prioritize updates for FortiOS and FortiClient based on your current versions. CVE-2025-22254 should be addressed first given its 6.6 CVSS rating.
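The audit recommended above can be scripted. The following is an added example, not RouterCVE or Fortinet code: it checks a device inventory against the FortiOS and FortiProxy ranges listed in this digest (the only entries with exact inclusive bounds) and compares versions numerically, so that 7.2.10 is not mistaken for an older release than 7.2.9. The hostnames, build string and inventory format are constructed assumptions.

```python
import re

# Affected ranges copied from this digest (inclusive bounds).
AFFECTED = {
    "CVE-2025-22254": {"FortiOS": [("7.6.0", "7.6.1"), ("7.4.0", "7.4.6"),
                                   ("7.2.0", "7.2.10")]},
    "CVE-2024-50568": {"FortiOS": [("7.4.0", "7.4.3")],
                       "FortiProxy": [("7.4.0", "7.4.3")]},
}
CVSS = {"CVE-2025-22254": 6.6, "CVE-2024-50568": 5.9}  # scores from the digest

def parse_version(text):
    """Turn 'v7.2.10' or '7.4.2 build2571' into (7, 2, 10); None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in m.groups()) if m else None

def matching_cves(product, version_text):
    """Return the digest CVEs affecting this product/version, highest CVSS first.

    Returns None when the version cannot be parsed, so the caller can send the
    device to manual review instead of treating it as unaffected.
    """
    version = parse_version(version_text)
    if version is None:
        return None
    hits = []
    for cve, products in AFFECTED.items():
        for low, high in products.get(product, []):
            if parse_version(low) <= version <= parse_version(high):
                hits.append(cve)
                break
    return sorted(hits, key=lambda cve: -CVSS[cve])

def audit(inventory):
    """Map each host in (host, product, version) rows to its matching CVEs."""
    return {host: matching_cves(product, ver) for host, product, ver in inventory}

# Constructed sample inventory (hostnames and build string are illustrative).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.10"),
    ("fw-edge-02", "FortiOS", "7.4.2 build2571"),
    ("fw-lab-01", "FortiOS", "7.2.11"),
    ("proxy-01", "FortiProxy", "7.4.4"),
    ("fw-old-01", "FortiOS", "unknown"),
]

if __name__ == "__main__":
    for host, cves in audit(INVENTORY).items():
        status = "manual review" if cves is None else (", ".join(cves) or "not in listed ranges")
        print(f"{host}: {status}")
```

A result of "not in listed ranges" only reflects the ranges quoted in this digest; confirm against the vendor advisory before closing out a device.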

Palo Alto Networks — Mixed Severity Portfolio

Palo Alto Networks contributed seven CVEs: two high-severity issues affecting PAN-OS and GlobalProtect (covered above), plus five additional vulnerabilities of lower severity. CVE-2025-4230 (CVSS 8.4, no severity assigned) and CVE-2025-4229 (CVSS 6.0, information disclosure in SD-WAN) are also worth reviewing, though they appear to have limited exploitability constraints.

Actionable Takeaways

  • Netgear EX3700 and TP-Link TL-IPC544EP-W4 owners: Check firmware versions and apply updates urgently.
  • Palo Alto GlobalProtect users: Update macOS clients and verify PAN-OS is current.
  • Fortinet customers: Audit your FortiOS, FortiClient, and FortiPAM versions against the list above and schedule updates.
  • All administrators: Use RouterCVE.com to track these IDs and set alerts for patches from your vendors.

This week's vulnerability load is moderate but includes several high-impact flaws. Prioritize based on your environment and test updates before production deployment.