CVE-2025-2811

Public Exploit
GL.iNet GL-A1300 Slate Plus API redos

Description

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.

Category

6.9
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.03%
Third-Party Advisory vuldb.com
Affected: GL.iNet GL-A1300 Slate Plus
Affected: GL.iNet GL-AR300M16 Shadow
Affected: GL.iNet GL-AR300M Shadow
Affected: GL.iNet GL-AR750 Creta
Affected: GL.iNet GL-AR750S-EXT Slate
Affected: GL.iNet GL-AX1800 Flint
Affected: GL.iNet GL-AXT1800 Slate AX
Affected: GL.iNet GL-B1300 Convexa-B
Affected: GL.iNet GL-B3000 Marble
Affected: GL.iNet GL-BE3600 Slate 7
Affected: GL.iNet GL-E750
Affected: GL.iNet GL-E750V2 Mudi
Affected: GL.iNet GL-MT300N-V2 Mango
Affected: GL.iNet GL-MT1300 Beryl
Affected: GL.iNet GL-MT2500 Brume 2
Affected: GL.iNet GL-MT3000 Beryl AX
Affected: GL.iNet GL-MT6000 Flint 2
Affected: GL.iNet GL-SFT1200 Opal
Affected: GL.iNet GL-X300B Collie
Affected: GL.iNet GL-X750 Spitz
Affected: GL.iNet GL-X3000 Spitz AX
Affected: GL.iNet GL-XE300 Puli
Affected: GL.iNet GL-XE3000 Puli AX
Published at:
Updated at:

References

Link Tags
https://vuldb.com/?id.306286 vdb entry
https://vuldb.com/?ctiid.306286 signature permissions required
https://vuldb.com/?submit.524459 third party advisory
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn't%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md related
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/ patch

Frequently Asked Questions

What is the severity of CVE-2025-2811?
CVE-2025-2811 has been scored as a medium severity vulnerability.
How to fix CVE-2025-2811?
To fix CVE-2025-2811, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-2811 being actively exploited in the wild?
It is possible that CVE-2025-2811 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-2811?
CVE-2025-2811 affects GL.iNet GL-A1300 Slate Plus, GL.iNet GL-AR300M16 Shadow, GL.iNet GL-AR300M Shadow, GL.iNet GL-AR750 Creta, GL.iNet GL-AR750S-EXT Slate, GL.iNet GL-AX1800 Flint, GL.iNet GL-AXT1800 Slate AX, GL.iNet GL-B1300 Convexa-B, GL.iNet GL-B3000 Marble, GL.iNet GL-BE3600 Slate 7, GL.iNet GL-E750, GL.iNet GL-E750V2 Mudi, GL.iNet GL-MT300N-V2 Mango, GL.iNet GL-MT1300 Beryl, GL.iNet GL-MT2500 Brume 2, GL.iNet GL-MT3000 Beryl AX, GL.iNet GL-MT6000 Flint 2, GL.iNet GL-SFT1200 Opal, GL.iNet GL-X300B Collie, GL.iNet GL-X750 Spitz, GL.iNet GL-X3000 Spitz AX, GL.iNet GL-XE300 Puli, GL.iNet GL-XE3000 Puli AX.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.