CVE-2025-22997

CWE-79 — Cross-site Scripting (XSS)CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 62.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksys E5600 Firmware

Timeline

PublishedJan 15

Description

A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDlinksys/e5600_firmware1.1.0.26

🔴Vulnerability Details

GHSA

GHSA-8cxq-j8f9-28r7: A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver↗2025-01-15

▶

CVEList

CVE-2025-22997: A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver↗2025-01-14

▶

📋Vendor Advisories

Microsoft

In the Linux kernel before 6.1.2 kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case whereas it is actually an error pointer).↗2023-02-14

▶