CVE-2025-44657

low

Description

In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

References

https://gist.github.com/TPCchecker/7839fbd329ebd2f9f6b105c4926d4b0c

Details

Source: Mitre, NVD

Published: 2025-07-21

Updated: 2026-07-05

Risk Information

CVSS v2

Base Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.9

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Severity: Low

EPSS

EPSS: 0.00022