CVE-2025-44654
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
21/07/2025
Last modified:
22/07/2025
Description
In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL