CVE-2025-56008 Keenetic CVE debrief

Who should care

Administrators and operators of Keenetic routers running KeeneticOS before 4.3, especially environments that use or expose the Wireless ISP feature, should treat this as relevant.

Technical summary

The NVD metadata maps this issue to CWE-79 (cross-site scripting) and lists the vulnerable KeeneticOS range as versions before 4.3. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which indicates a low-complexity network attack that depends on user interaction and can affect confidentiality and integrity. The supplied description ties the flaw to the Wireless ISP page and to unauthorized creation of full-permission users.

Defensive priority

Medium priority. Patch or upgrade KeeneticOS to 4.3 or later as soon as practical, because the issue can lead to device compromise if abused.

Recommended defensive actions

• Upgrade KeeneticOS to version 4.3 or later on affected devices.
• Follow the Keenetic security advisory for the October 2025 web API vulnerabilities.
• Review router user accounts and remove any unexpected full-permission users.
• Restrict administrative access to trusted users and minimize unnecessary use of the Wireless ISP page.
• Check configuration and change history for unauthorized updates after user interaction on the router.
• If immediate upgrading is not possible, reduce exposure of router management interfaces and monitor for abnormal account creation or configuration changes.

Evidence notes

The supplied NVD metadata states that KeeneticOS versions before 4.3 are vulnerable and classifies the weakness as CWE-79. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The description provided in the source corpus says the issue is an XSS flaw on the Wireless ISP page that can allow a nearby attacker to add users with full permissions and take over the device. The vendor advisory URL is included in the source corpus as the mitigation reference.

Official resources