CVE-2025-61941

CVSS 8.6 HIGHEPSS 0.5%CWE-22

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.6EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

BUFFALO INC. · WXR9300BE6P series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/vu/JVNVU96471278/https://www.buffalo.jp/news/detail/20251014-01.html