What is the CVSS score of CVE-2025-6565?

CVE-2025-6565 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Netgear are affected by CVE-2025-6565?

A critical remote code execution vulnerability affects Netgear WNCE3001 devices with no available patch and active public exploits in circulation.

Is there a public PoC exploit available for CVE-2025-6565?

Yes, a public proof-of-concept exploit is available for CVE-2025-6565. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-6565?

Within 24 hours: Identify and inventory all Netgear WNCE3001 devices in production and isolate them to a segregated network segment if possible. Within 7 days: Implement network-based mitigations including WAF rules blocking malformed Host headers, restrict HTTP POST access to trusted sources only, and disable remote management features. Within 30 days: Develop a replacement strategy for WNCE3001 units with alternative vendors or newer Netgear models with security updates, and establish timeline for complete device decommission.

Netgear CVE-2025-6565

EUVD-2025-19007 HIGH

Buffer Overflow (CWE-119)

2025-06-24 cna@vuldb.com

Buffer Overflow Netgear Remote Code Execution

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 22:36 euvd

EUVD-2025-19007

Analysis Generated

Mar 15, 2026 - 22:36 vuln.today

PoC Detected

Jun 26, 2025 - 18:58 vuln.today

Public exploit code

CVE Published

Jun 24, 2025 - 13:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-6565 is a critical stack-based buffer overflow vulnerability in Netgear WNCE3001 v1.0.0.50 affecting the HTTP POST request handler's Host parameter processing. An authenticated attacker can remotely exploit this to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploitation code exists, elevating immediate risk.

Technical ContextAI

The vulnerability resides in the http_d component (HTTP daemon) of the Netgear WNCE3001 WiFi range extender, specifically in HTTP POST request handling. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as a stack-based buffer overflow when processing the Host header field. The affected product is a network device running embedded firmware version 1.0.0.50. The HTTP server fails to implement proper bounds checking on the Host parameter before writing to a fixed-size stack buffer, allowing an unauthenticated or authenticated attacker to overflow the buffer and corrupt the stack frame, potentially leading to arbitrary code execution. This is a classic memory safety issue common in C-based embedded network services lacking input validation.

RemediationAI

IMMEDIATE: Disconnect affected WNCE3001 devices from network until patching is available; 2. INTERIM: Restrict network access to the device's HTTP interface via firewall rules (port 80/443 ingress filtering); 3. Change default administrative credentials if accessible to reduce authentication bypass risk; 4. Monitor Netgear support pages (netgear.com/support) for firmware security updates; 5. PATCH: When available, upgrade to firmware version >1.0.0.50 (specific patched version not yet identified—contact Netgear support for ETA); 6. LONG-TERM: Consider device replacement if Netgear does not issue timely security patches, as embedded devices often lack extended support lifecycles. Vendors should implement memory-safe programming practices or stack canaries in future releases.

CVE-2025-6565 vulnerability details – vuln.today

Back

Netgear CVE-2025-6565

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code