CVE-2025-45489

CWE-77Command Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
7.2%
top 8.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linksys E5600 Firmware
Timeline
PublishedMay 6
Latest updateMay 19

Description

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2025-45489: Linksys E5600 v12025-05-06
GHSA
GHSA-6p4m-rffq-g464: Linksys E5600 v12025-05-06

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Linksys E5600 runtime.ddnsStatus Multiple Parameters Command Injection Attempt (CVE-2025-45488-2025-45491)2025-05-19
CVE-2025-45489 (CRITICAL CVSS 9.8) | Linksys E5600 v1.1.0.26 was discove | cvebase.io