CVE-2025-22997

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22997
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/SunnyYANGyaya/firmcrosser/blob/main/Linksys/E5600-1.md Broken Link Exploit
https://github.com/SunnyYANGyaya/firmcrosser/blob/main/Linksys/E5600-1.md Broken Link Exploit
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:linksys:e5600_firmware:1.1.0.26:*:*:*:*:*:*:*
cpe:2.3:h:linksys:e5600:-:*:*:*:*:*:*:*
History

11 Jun 2025, 15:35

Type Values Removed Values Added
References () https://github.com/SunnyYANGyaya/firmcrosser/blob/main/Linksys/E5600-1.md - () https://github.com/SunnyYANGyaya/firmcrosser/blob/main/Linksys/E5600-1.md - Broken Link, Exploit
CPE cpe:2.3:h:linksys:e5600:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:e5600_firmware:1.1.0.26:*:*:*:*:*:*:*
First Time Linksys e5600
Linksys e5600 Firmware
Linksys

15 Jan 2025, 17:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el componente prf_table_content del enrutador Linksys E5600 versión 1.1.0.26 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado e inyectado en el parámetro desc.
CWE CWE-79
References () https://github.com/SunnyYANGyaya/firmcrosser/blob/main/Linksys/E5600-1.md - () https://github.com/SunnyYANGyaya/firmcrosser/blob/main/Linksys/E5600-1.md -
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.8

15 Jan 2025, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-15 00:15

Updated : 2025-06-11 15:35

NVD link : CVE-2025-22997

Mitre link : CVE-2025-22997

CVE.ORG link : CVE-2025-22997

JSON object : View

Products Affected

linksys

  • e5600_firmware
  • e5600
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')