Check Point Advisories

Linksys Multiple Products Command Injection (CVE-2025-5443; CVE-2025-5444; CVE-2025-5445; CVE-2025-5446; CVE-2025-8818; CVE-2025-8821; CVE-2025-8823; CVE-2025-8825; CVE-2025-8827; CVE-2025-8828; CVE-2025-8829; CVE-2025-8830; CVE-2025-9575)

Vulnerability
Protection

Check Point Reference:	CPAI-2025-3429
Date Published:	30 Jul 2025
Severity:	Critical
Last Updated:	Tuesday 28 October, 2025
Source:
Industry Reference:	CVE-2025-5443 CVE-2025-5444 CVE-2025-5445 CVE-2025-5446 CVE-2025-8818 CVE-2025-8821 CVE-2025-8823 CVE-2025-8825 CVE-2025-8827 CVE-2025-8828 CVE-2025-8829 CVE-2025-8830 CVE-2025-9575
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?	Linksys RE9000 firmware version 1.0.04.002 Linksys RE6250 firmware version 1.0.04.001 Linksys RE6300 firmware version 1.2.07.001 Linksys RE6350 firmware version 1.0.04.001 Linksys RE7000 firmware version 1.1.05.003 Linksys RE6500 firmware version 1.0.013.001
Vulnerability Description	A command injection vulnerability exists in multiple Linksys products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.

Protection Overview

This protection detects attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

In the IPS tab, click Protections and find the Linksys Multiple Products Command Injection protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Application Servers Protection Violation.
Attack Information: Linksys Multiple Products Command Injection