Affected Vendors
- Linksys: 8 CVEs (5 High, 3 Medium)
- Cisco: 6 CVEs (2 High, 4 Medium)
- NETGEAR: 4 CVEs (3 High, 1 Medium)
- Palo Alto Networks: 4 CVEs (0 High, 4 None/Low)
- ASUS: 1 CVE (1 Critical)
- Fortinet: 1 CVE (1 Critical)
Overview
This week brought 23 new router and network appliance CVEs, including two critical vulnerabilities that demand immediate attention. The threat landscape is dominated by buffer overflow issues affecting Linksys devices and authentication/access control flaws in enterprise-grade equipment from Fortinet and ASUS.
Critical Vulnerabilities
CVE-2025-64446 (CVSS 9.8) affects Fortinet FortiWeb appliances across versions 7.0.0 through 8.0.1. A relative path traversal flaw allows attackers to read arbitrary files and potentially execute code. If you manage FortiWeb deployments, patch immediately to the latest available version.
CVE-2025-59367 (CVSS 9.8) is an authentication bypass in ASUS DSL series routers that enables remote attackers to gain unauthorized system access without credentials. This is particularly concerning for small business and residential deployments. Check ASUS security advisories for available firmware updates and apply them without delay.
Linksys Buffer Overflow Cluster
Linksys devices account for 8 CVEs this week, with a concerning pattern of stack-based buffer overflows across multiple product lines. The E1200 v2 router is affected by five separate buffer overflow vulnerabilities:
- CVE-2025-60691 and CVE-2025-60690 (both CVSS 8.8) in the httpd binary allow remote code execution via specially crafted input to the apply_cgi and block_cgi functions.
- CVE-2025-60692 (CVSS 8.4) affects the libshared.so library, with overflow in get_mac_from_ip and related functions.
- CVE-2025-60694 (CVSS 7.5) impacts the validate_static_route function.
- CVE-2025-60693 (CVSS 6.5) and CVE-2025-60689 (CVSS 5.4) introduce additional risks through buffer overflows and command injection.
The Linksys RE7000 range extender is also vulnerable: CVE-2025-60696 (CVSS 8.4) affects the makeRequest.cgi binary. Additionally, CVE-2025-60695 (CVSS 5.9) in the E7350 router's mtk_dut binary rounds out the Linksys portfolio of concerns. Organizations deploying these models should prioritize firmware updates immediately.
NETGEAR Multi-Model Impact
NETGEAR devices are vulnerable across four separate CVEs affecting different product lines. CVE-2025-12944 (CVSS 8.8) in the DGN2200v4 involves improper input validation allowing remote code execution with direct network access. CVE-2025-12942 (CVSS 7.5) and CVE-2025-12943 (CVSS 7.5) affect the R6260/R6850 and RAX30/RAXE300 models respectively, introducing DNS manipulation and firmware validation bypass risks. CVE-2025-12940 (CVSS 5.5) in WAX610/WAX610Y routers logs credentials in plaintext if syslog is configured. Review your NETGEAR device inventory and check for available patches.
Cisco Catalyst Center Vulnerabilities
Cisco reported 6 CVEs centered on the Catalyst Center platform. CVE-2025-20341 (CVSS 8.8) allows authenticated administrators to elevate privileges further, bypassing intended access controls. The remaining medium-severity issues affect the REST API (CVE-2025-20349, CVSS 6.3), web interface (CVE-2025-20353, CVSS 6.1, and CVE-2025-20355, CVSS 4.7), and permission enforcement (CVE-2025-20346, CVSS 4.3). These warrant timely patching but are less urgent than the critical items above.
Palo Alto Networks Low-Impact Items
Four Palo Alto Networks CVEs were disclosed this week, but all are rated "None" or assigned very low CVSS scores. CVE-2025-4619 (CVSS 6.6) is a DoS in PAN-OS, while the remaining three affect Prisma Browser with minimal real-world impact. These are lower priority for immediate action.
Recommendations
Immediate actions: Apply patches for CVE-2025-64446 (Fortinet FortiWeb) and CVE-2025-59367 (ASUS DSL routers). High priority: Update all Linksys E1200 v2, RE7000, and E7350 devices; review NETGEAR device firmware versions and deploy updates. Ongoing: Monitor vendor security pages for Cisco Catalyst Center patches and schedule updates within your change management window. Document which devices in your fleet are affected and establish a prioritized patching timeline based on network criticality.