How to fix CVE-2025-65883?

Within 24 hours: Identify and inventory all Genexis P4410 routers running firmware V2-1.41 in your environment and isolate affected devices to restricted network segments if possible. Within 7 days: Implement network access controls restricting administrative access to the router's management interface from trusted IP ranges only, and enforce VPN/bastion host requirements for all remote administrative access. Within 30 days: Monitor vendor communications for patch availability; if no patch is released, evaluate replacement with alternative router models from vendors with active security support, and conduct network forensics on affected devices for signs of compromise.

Is Platinum 4410 Firmware affected by CVE-2025-65883?

Genexis Platinum P4410 routers are vulnerable to remote code execution by local network attackers who can reuse expired administrator session tokens, potentially compromising network infrastructure and enabling lateral movement.

CVE-2025-65883

EUVD-2025-201286 HIGH

2025-12-04 [email protected]

8.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201286

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 23, 2025 - 00:22 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 20:16 nvd

HIGH 8.4

Description

A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2-1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root.

Analysis

Technical Context

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Insufficient Session Expiration (CWE-613).

Affected Products

Affected products: Genexis Platinum 4410 Firmware p4410-v2-1.41

Remediation

Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +42

POC: +20

CVE-2025-65883 vulnerability details – vuln.today

Back

CVE-2025-65883

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-65883

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code