CVE-2025-44657

low-risk

Published 2025-07-21

In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.9/10 Low

LOCAL / LOW complexity

Affected Products (1)

Ea6350 Firmware

Affected Vendors

Linksys

References (2)

Broken Link http://ea6350.com

Broken Link https://gist.github.com/TPCchecker/7839fbd329ebd2f9f6b105c4926d4b0c

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal