Affected Vendors
- Linksys: 4 CVEs (all high severity)
This Week's Vulnerabilities
This week brings four high-severity vulnerabilities, all affecting Linksys mesh extender devices. While the volume is modest, the consistent CVSS score of 8.8 across all four issues signals a coordinated security disclosure affecting a widely deployed product line.
Linksys Mesh Extenders Under Scrutiny
Four vulnerabilities have been identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 mesh extenders across multiple firmware versions (1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001). The affected CVEs are:
- CVE-2025-14136 (CVSS 8.8)
- CVE-2025-14135 (CVSS 8.8)
- CVE-2025-14134 (CVSS 8.8)
- CVE-2025-14133 (CVSS 8.8)
These vulnerabilities impact core functionality within the extender firmware, including client management and configuration operations. Given their high CVSS scores, they likely permit remote code execution or significant privilege escalation.
Recommended Action
If you manage Linksys RE-series extenders in your environment, prioritize checking Linksys's support portal for patched firmware versions targeting these models. Update devices as patches become available, particularly in customer-facing or business-critical networks. Monitor the RouterCVE database for patch availability announcements.