CVE-2025-44657

Low CVSS 3.9

Overview

In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

CWE: CWE-284 Published: 2025-07-21T16:15:29.443

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.9 (LOW)
Detected tags: priv_esc, unauth_access (tag impact: HIGH)

Recommended actions:

Fix privilege escalation urgently.
Enforce least-privilege and strengthen EDR detection.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags