CVE-2025-2851 Information

Description

A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus GL-AR300M16 Shadow GL-AR300M Shadow GL-AR750 Creta GL-AR750S-EXT Slate GL-AX1800 Flint GL-AXT1800 Slate AX GL-B1300 Convexa-B GL-B3000 Marble GL-BE3600 Slate 7 GL-E750 GL-E750V2 Mudi GL-MT300N-V2 Mango GL-MT1300 Beryl GL-MT2500 Brume 2 GL-MT3000 Beryl AX GL-MT6000 Flint 2 GL-SFT1200 Opal GL-X300B Collie GL-X750 Spitz GL-X3000 Spitz AX GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://vuldb.com/?ctiid.306288 https://vuldb.com/?id.306288 https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.0