CVE-2026-25603

CWE-22Path Traversal3 documents3 sources
Severity
6.6MEDIUM
EPSS
0.0%
top 91.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linksys Mr9600Linksys Mx4200Linksys Mr9600 Firmware+1 more
Timeline
PublishedFeb 24

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages4 packages

CVEListV5linksys/mr96001.0.4.205530
CVEListV5linksys/mx42001.0.13.210200
NVDlinksys/mr9600_firmware1.0.4.205530
NVDlinksys/mx4200_firmware1.0.4.205530

🔴Vulnerability Details

2
GHSA
GHSA-6xhx-53c5-f9qr: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of2026-02-24
CVEList
Path Traversal vulnerability in Linksys MR9600, Linksys MX42002026-02-24
CVE-2026-25603 (MEDIUM CVSS 6.6) | Improper Limitation of a Pathname t | cvebase.io