
Belkin F9K1015 CVE-2025-11303

Severity: LOW
Weakness: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
Published: 2025-10-05, CNA: cna@vuldb.com
Score: 2.1 (CVSS 4.0, NVD)

Severity by source

NVD (primary): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Apr 29, 2026 - 01:31 (vuln.today)

Description (source: CVE.org)

A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI-generated)

Command injection in Belkin F9K1015 firmware 1.00.10 allows authenticated remote attackers to execute arbitrary commands by manipulating the command argument of the /goform/mp endpoint. The vulnerability requires valid user credentials, and its rated impact is minimal (low confidentiality, integrity, and availability effects). Publicly available exploit code exists, though the EPSS score (0.20%) indicates a low probability of real-world exploitation despite that availability.

Technical Context (AI-generated)

The vulnerability resides in the /goform/mp handler of the Belkin F9K1015 router firmware, where user-supplied input in the command parameter is processed without adequate sanitization or validation. It is classified as improper neutralization of special elements (CWE-74), a broad class of injection flaws. The endpoint likely passes the command argument to a system shell execution function without escaping or validation, allowing an attacker to inject shell metacharacters and execute arbitrary system commands. The router's web management interface, reachable over HTTP/HTTPS by authenticated users, is the attack surface.

Remediation (AI-generated)

The primary remediation is upgrading to a firmware version newer than 1.00.10 if Belkin makes one available; however, no patched version is confirmed in the available data. Contact Belkin technical support to determine current firmware availability, as the vendor did not respond to the disclosure and may not have issued an official security advisory. As an immediate compensating control, restrict access to the web management interface (including the /goform/mp endpoint) to trusted networks using firewall rules or access control lists on the router itself. Disable remote management if it is not operationally required; this blocks external access even for authenticated users. Change administrative credentials to strong, unique passwords and enable multi-factor authentication if supported. Monitor access logs for suspicious command patterns against the /goform/mp endpoint, and segment the router on the network to limit the impact of any command execution in its context.
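A log-review helper for the monitoring advice above, added here as an example and not part of the vuln.today record or of Belkin's firmware: it flags requests to /goform/mp whose command argument contains shell metacharacters, decoding twice to catch double-encoded values. The Common Log Format layout, IP addresses and request lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory; everything else is constructed.
TARGET_PATH = "/goform/mp"
TARGET_PARAM = "command"

# Shell metacharacters whose presence in the 'command' argument warrants review.
SHELL_META = re.compile(r"[;&|`$()<>\n\\]")

# Common Log Format request line (constructed layout, not real router output).
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_request(line):
    """Return a finding dict if the request hits /goform/mp with shell
    metacharacters in its 'command' argument, else None."""
    m = CLF.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return None
    # parse_qs decodes once; unquote again so 'ping%253Bid' is also caught.
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM, [])
    for raw in values:
        decoded = unquote(raw)
        if SHELL_META.search(decoded):
            return {"ip": m.group("ip"), "ts": m.group("ts"),
                    "command": decoded, "status": m.group("status")}
    return None

def scan(lines):
    """Run suspicious_request over every log line and keep the findings."""
    return [f for f in (suspicious_request(l) for l in lines) if f]

SAMPLE_LOG = [  # constructed, not captured traffic
    '192.0.2.10 - admin [05/Oct/2025:10:00:01 +0000] "GET /goform/mp?command=ping HTTP/1.1" 200 512',
    '192.0.2.10 - admin [05/Oct/2025:10:00:07 +0000] "GET /goform/mp?command=ping%3Bid HTTP/1.1" 200 640',
    '192.0.2.10 - admin [05/Oct/2025:10:00:09 +0000] "GET /goform/mp?command=ping%253Bid HTTP/1.1" 200 640',
    '198.51.100.7 - - [05/Oct/2025:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '192.0.2.10 - admin [05/Oct/2025:10:01:00 +0000] "POST /goform/mp HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query-string parameters are visible in an access log; a command argument sent in a POST body (the last sample line) cannot be inspected this way and needs a proxy or WAF in front of the management interface.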


CVE-2025-11303 vulnerability details – vuln.today
