Router CVE Weekly Digest — Week of Aug 11, 2025

Affected Vendors This Week

• Cisco: 29 CVEs (1 critical, 8 high, 20 medium)
• Linksys: 14 CVEs (0 critical, 7 high, 7 medium)
• Fortinet: 10 CVEs (1 critical, 3 high, 6 medium)
• Palo Alto Networks: 5 CVEs (0 critical, 0 high, 5 unrated)

This week brought 58 new router and security appliance vulnerabilities, including two critical issues that demand immediate attention. Cisco and Fortinet dominate the landscape, with a particularly troubling cluster of command injection flaws affecting Linksys mesh repeaters.

Critical Priorities

CVE-2025-20265 (CVSS 10.0) is the most severe issue this week. This unauthenticated remote code execution vulnerability affects Cisco Secure Firewall Management Center (FMC) via a flaw in the RADIUS subsystem. An attacker can inject arbitrary shell commands without authentication—this is a complete compromise risk for any organization managing Cisco firewalls through FMC. Patch immediately.

CVE-2025-25256 (CVSS 9.8) is nearly as critical. Fortinet FortiSIEM versions 7.3.0–7.3.1, 7.2.0–7.2.5, and 7.1.0 and below are vulnerable to OS command injection. This allows unauthenticated attackers to execute arbitrary commands on the system. If you're running any affected FortiSIEM version, prioritize an emergency update.

Linksys Mesh Repeater Cascade

Linksys has disclosed 14 vulnerabilities affecting six mesh repeater models: RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 (firmware versions up to 20250801). Seven of these are high-severity issues with identical CVSS scores of 8.8. All stem from improper input validation in web-based management functions:

• CVE-2025-8833: Language switching function allows command injection
• CVE-2025-8832: DMZ configuration endpoint vulnerable to injection
• CVE-2025-8831: Remote management settings can be manipulated
• CVE-2025-8826: Wireless channel auto-selection function affected
• CVE-2025-8824: RIP configuration vulnerable to injection
• CVE-2025-8822: Algorithm disable function allows command injection
• CVE-2025-8820: Wireless basic settings manipulation

The common thread: these are all unauthenticated web-based attacks that can be exploited remotely if the repeater is exposed to the internet or within a compromised network. If you manage Linksys repeaters, check for firmware updates immediately and verify these devices are not accessible from untrusted networks.

Cisco Firewall Web Service Issues

Beyond the critical FMC flaw, Cisco disclosed multiple high-severity vulnerabilities in its firewall ecosystem:

• CVE-2025-20263 (CVSS 8.6): Web services interface flaw in ASA and FTD allows unauthenticated remote access
• CVE-2025-20243 (CVSS 8.6): Management and VPN web server vulnerability in ASA/FTD
• CVE-2025-20253 and CVE-2025-20239 (CVSS 8.6 each): IKEv2 feature flaws affecting IOS, IOS XE, ASA, and FTD
• CVE-2025-20222 (CVSS 8.6): RADIUS proxy authentication bypass in IPsec VPN
• CVE-2025-20136 (CVSS 8.6): NAT DNS inspection flaw in ASA
• CVE-2025-20217 (CVSS 8.6): Snort 3 detection engine packet inspection bypass in FTD

Cisco's firewall products continue to be a major attack surface. These eight high-severity issues span authentication, encryption, and threat detection—core security functions. Check Cisco's security advisories and apply patches according to your change management schedule.

Fortinet Beyond the Critical

Fortinet has nine additional vulnerabilities beyond CVE-2025-25256. Notable ones include:

• CVE-2025-52970 (CVSS 8.1): FortiWeb parameter handling flaw in versions 7.6.3, 7.4.7, 7.2.10, and 7.0.10 and below
• CVE-2024-26009 (CVSS 8.1): FortiOS authentication bypass (versions 6.4.0–6.4.15 and 6.2.0 and below)
• CVE-2025-49813 (CVSS 7.2): FortiADC command injection

Fortinet's product line, like Cisco's, shows sustained vulnerability activity across multiple product lines. Ensure your FortiOS, FortiWeb, and FortiADC instances are current.

Palo Alto Networks

Palo Alto Networks disclosed five vulnerabilities (CVE-2025-2180 through CVE-2025-2184), all rated with no CVSS score or unrated status. These include information disclosure in Checkov, a MACsec implementation flaw in PAN-OS, certificate validation issues in GlobalProtect, and credential management problems in Cortex XDR Broker VM. While lower severity, the credential sharing issue in Broker VM (CVE-2025-2184) warrants attention if you operate that infrastructure.

Actionable Takeaways

• Today: Patch Cisco FMC (CVE-2025-20265) and Fortinet FortiSIEM (CVE-2025-25256) immediately.
• This week: Update all Linksys mesh repeaters to the latest firmware and restrict their internet exposure.
• This month: Review Cisco ASA/FTD and Fortinet FortiOS/FortiWeb patch levels and schedule updates.
• Ongoing: Monitor Cisco and Fortinet advisories closely—both vendors are seeing sustained vulnerability discovery.