Vulnerability Description
In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | E2500 Firmware | 3.0.04.002 |
| Linksys | E2500 | - |
Related Weaknesses (CWE)
References
- http://e2500.com (Broken Link, Not Applicable)
- https://gist.github.com/TPCchecker/279708bf9c599c836ea66f3a3e0c25e1 (Broken Link)
FAQ
What is CVE-2025-44654?
CVE-2025-44654 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compr...
How severe is CVE-2025-44654?
CVE-2025-44654 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-44654?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys E2500 Firmware, Linksys E2500.