Edimax BR-6208AC CVE-2025-15258
Severity: LOW (by source)
CVSS 4.0 vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; NVD is the only source for this CVE.
Description (CVE.org)
A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. Manipulation of the argument wlan-url causes an open redirect. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
Analysis (AI)
Open redirect vulnerability in Edimax BR-6208AC firmware versions 1.02 and 1.03 allows authenticated remote attackers to redirect users to arbitrary websites via manipulation of the wlan-url parameter in the formALGSetup web interface function. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, resulting in limited integrity impact. Public exploit code is available, but the device has reached end-of-life status with no further firmware updates planned by Edimax.
Technical Context (AI)
The vulnerability exists in the web-based configuration interface component, specifically in the /goform/formALGSetup endpoint. The issue is a classic open redirect flaw (CWE-601): the unsanitized value of the wlan-url parameter is used as the redirect target without validation or any safe-redirection practice. This allows attackers to craft URLs that appear to originate from the trusted device but redirect to attacker-controlled domains, a pattern commonly used in phishing campaigns. The vulnerability affects the BR-6208AC V2 router's administrative interface, which processes configuration requests through this vulnerable form handler.
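The defensive counterpart of that flaw, as an added example that is not Edimax's code: a validator a form handler would apply to a user-supplied return URL such as wlan-url before writing a Location header, so that only same-device paths are ever re-emitted. The management address, the handler stand-in and the sample inputs are constructed assumptions.

```python
"""Constructed example: validating a user-supplied return URL before redirecting."""
from urllib.parse import urlsplit, urlunsplit

DEVICE_HOST = "192.168.2.1"   # assumption: the router's management address


def safe_redirect_target(candidate, device_host=DEVICE_HOST, fallback="/"):
    """Return a redirect target that stays on the device, or `fallback`.

    The hardened form of the flaw: the raw parameter is never echoed into
    the Location header; only a same-device path (plus query) is re-emitted.
    """
    if not candidate or any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return fallback                 # control characters: header-injection risk
    # Browsers treat backslashes like forward slashes in URL prefixes, so
    # normalise first; otherwise "/\evil.example" parses as a harmless path.
    parts = urlsplit(candidate.replace("\\", "/"))
    if parts.scheme and parts.scheme not in ("http", "https"):
        return fallback                 # javascript:, data:, and similar
    if parts.netloc:
        # Absolute or scheme-relative ("//host") URL: the host must be the
        # device itself, with no userinfo ("device@evil.example" trick).
        if (parts.hostname != device_host
                or parts.username is not None or parts.password is not None):
            return fallback
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return fallback                 # bare relative paths and "//host" paths
    # Re-emit without scheme or host so the browser resolves it on the device.
    return urlunsplit(("", "", path, parts.query, ""))


def location_header(form_params):
    """Location header value a handler would send after saving the form.
    Constructed stand-in for a goform-style handler reading a 'wlan-url' field."""
    return "Location: " + safe_redirect_target(form_params.get("wlan-url", ""))


if __name__ == "__main__":
    # Constructed inputs: two legitimate return URLs, then redirect-away attempts
    for sample in ["/index.asp", "http://192.168.2.1/wlan.asp?band=5g",
                   "//evil.example/", "/\\evil.example",
                   "http://192.168.2.1@evil.example/", "javascript:alert(1)"]:
        print(repr(sample), "->", location_header({"wlan-url": sample}))
```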
Remediation (AI)
No vendor-released patch is available: Edimax explicitly confirmed that the BR-6208AC V2 is end-of-life and will receive no further firmware updates or patches. The primary remediation is device replacement with a current Edimax model or an alternative router from an actively supported manufacturer. Organizations still operating BR-6208AC devices should decommission them as soon as possible. If continued temporary operation is unavoidable, compensating controls include: (1) restrict administrative web interface access via firewall rules, permitting only trusted internal subnets or VPN access to the device's management port; (2) disable or isolate the ALG (Application Layer Gateway) configuration feature if it is not operationally necessary; (3) enforce administrator credential changes and strong authentication for any legacy device access. These controls reduce exposure but do not remediate the underlying vulnerability.