PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-56009 Keenetic CVE debrief

CVE-2025-56009 is a cross-site request forgery (CSRF) issue in KeeneticOS before 4.3 affecting the /rci API endpoint. The CVE description says an attacker can trick a victim into opening a crafted page that adds a new user with full permissions, which can lead to device takeover. The official NVD record classifies the issue as CWE-352 and assigns it a MEDIUM CVSS score.

Vendor: Keenetic
Product: KeeneticOS
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-10-23
Original CVE updated: 2026-05-20
Advisory published: 2025-10-23
Advisory updated: 2026-05-20

Who should care

Administrators and MSPs managing KeeneticOS devices, especially any systems with remote or internet-facing management access, plus security teams responsible for edge-device hardening and account review.

Technical summary

NVD lists all KeeneticOS versions before 4.3 as vulnerable, with the affected CPE recorded as cpe:2.3:o:keenetic:keeneticos:* and an endExcluding version of 4.3. The issue lies in the /rci API endpoint and is mapped to CWE-352. The CVE narrative says malicious web content can trigger creation of additional users with full permissions; the NVD CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
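The mechanism behind CWE-352 is that a browser attaches the victim's authenticated session to a state-changing request even when a foreign page triggered it, so an endpoint that relies on the session alone cannot tell the two apart. The example below is added here to show the server-side check that closes that gap; it is not Keenetic's code and says nothing about how /rci is actually implemented. The trusted-origin set, the header layout and the toy handle_rci() handler are assumptions for illustration.

```python
"""Added example (not Keenetic's code): origin enforcement for a
state-changing API endpoint, the generic server-side CSRF defence.

A request carrying the victim's session cookie is only accepted when the
browser-supplied Origin (or, failing that, Referer) header names a trusted
origin. Requests with neither header are refused (fail closed). The trusted
origin, endpoint name and response shape below are assumptions.
"""
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Return the scheme://host[:port] the browser reported, or None.

    Origin is preferred because browsers send it on cross-site writes and
    it cannot be set by page script. A literal "null" Origin is treated as
    absent so that it fails closed. Referer is the fallback for older
    clients; only its scheme and authority are compared.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    origin = lower.get("origin")
    if origin and origin != "null":
        return origin.rstrip("/").lower()
    referer = lower.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def is_allowed(method: str, headers: Dict[str, str],
               trusted_origins: Set[str]) -> Tuple[bool, str]:
    """Decide whether a request may proceed; returns (allowed, reason).

    Safe (read-only) methods pass. State-changing methods must carry an
    Origin/Referer matching one of trusted_origins exactly, including the
    scheme and any port, so http://device and https://device differ.
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    origin = request_origin(headers)
    if origin is None:
        return False, "missing Origin/Referer on state-changing request"
    if origin in {o.rstrip("/").lower() for o in trusted_origins}:
        return True, f"origin {origin} trusted"
    return False, f"cross-site origin {origin}"


def handle_rci(method: str, headers: Dict[str, str], body: dict,
               trusted_origins: Set[str]) -> Tuple[int, dict]:
    """Toy stand-in for a write handler (assumed shape, not Keenetic's API).

    The origin check runs before the body is interpreted, so a cross-site
    request never reaches the code that would create or modify accounts.
    """
    ok, reason = is_allowed(method, headers, trusted_origins)
    if not ok:
        return 403, {"error": "forbidden", "reason": reason}
    return 200, {"applied": body}


if __name__ == "__main__":
    # Constructed sample: the device is reached at an assumed LAN address.
    trusted = {"http://192.168.1.1"}
    same_site = {"Origin": "http://192.168.1.1", "Cookie": "session=abc"}
    cross_site = {"Origin": "http://attacker.invalid", "Cookie": "session=abc"}
    print(handle_rci("POST", same_site, {"user": "ops"}, trusted))
    print(handle_rci("POST", cross_site, {"user": "ops"}, trusted))
```

The check is deliberately strict about the full origin (scheme, host, port) rather than the host alone, and a missing header is refused rather than tolerated; a deployment that needs to admit non-browser clients without an Origin header should authenticate them with something other than a cookie, since the cookie is exactly what the cross-site page is able to ride on.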

Defensive priority

Medium. The official CVSS score is 5.3, but the described outcome affects administrative control, so exposed KeeneticOS deployments should be reviewed promptly and upgraded to 4.3 or later.

Recommended defensive actions

  • Upgrade KeeneticOS to version 4.3 or later.
  • Review the Keenetic security advisory linked from the CVE record for vendor guidance.
  • Restrict access to router management and API interfaces, including /rci, to trusted administration paths.
  • Audit user accounts and permissions for unauthorized additions or changes.
  • If exposure is suspected, reset credentials and verify configuration integrity.
  • Apply future KeeneticOS security updates promptly.
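The account audit in the list above is the direct check for the outcome the advisory describes: a new account, or an existing one, holding full permissions that nobody authorised. The script below is added here as one way to carry out that audit by diffing a current account export against a known-good baseline; it is not Keenetic's tooling. The record shape ({"name", "roles"}), the role name "full" and the sample data are constructed for illustration, so field names must be adapted to whatever the device actually exports.

```python
"""Added example (not Keenetic's code): audit device accounts against a
known-good baseline and flag additions and permission gains.

The account record shape and role names are assumptions; export the real
account list from the device configuration and map it into this shape.
"""
from typing import Dict, List, Set

Accounts = Dict[str, Set[str]]  # username -> set of granted roles


def parse_accounts(records: List[dict]) -> Accounts:
    """Normalise a list of account records into name -> roles."""
    return {r["name"]: set(r.get("roles", [])) for r in records}


def audit_accounts(baseline: Accounts, current: Accounts,
                   admin_roles: Set[str]) -> List[str]:
    """Return findings, ordered by severity class: accounts added since the
    baseline, accounts removed, and existing accounts whose role set grew.
    Findings involving an administrative role are prefixed with ADMIN,
    since an unauthorised account with full permissions is the outcome the
    advisory warns about."""
    findings: List[str] = []
    for name in sorted(set(current) - set(baseline)):
        roles = current[name]
        tag = "ADMIN " if roles & admin_roles else ""
        findings.append(f"{tag}new account: {name} roles={sorted(roles)}")
    for name in sorted(set(baseline) - set(current)):
        findings.append(f"removed account: {name}")
    for name in sorted(set(baseline) & set(current)):
        gained = current[name] - baseline[name]
        if gained:
            tag = "ADMIN " if gained & admin_roles else ""
            findings.append(f"{tag}role gain: {name} +{sorted(gained)}")
    return findings


# Constructed sample data, not taken from any real device.
BASELINE = parse_accounts([
    {"name": "admin", "roles": ["full"]},
    {"name": "guest-wifi", "roles": ["readonly"]},
])
CURRENT = parse_accounts([
    {"name": "admin", "roles": ["full"]},
    {"name": "guest-wifi", "roles": ["readonly", "full"]},
    {"name": "svc-backup", "roles": ["full"]},
])
ADMIN_ROLES = {"full"}

if __name__ == "__main__":
    for line in audit_accounts(BASELINE, CURRENT, ADMIN_ROLES):
        print(line)
```

The baseline should be captured from a configuration known to predate any exposure (a backup taken before the device was reachable from untrusted networks, or one reviewed by hand); diffing against a snapshot taken after a suspected compromise would simply bless whatever an attacker added.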

Evidence notes

Official records show the CVE was published on 2025-10-23 and last modified on 2026-05-20. NVD lists KeeneticOS before 4.3 as vulnerable, maps the issue to CWE-352, and provides CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The source corpus also includes a vendor security advisory link for October 2025 web API vulnerabilities and a community writeup reference, but the debrief here is grounded in the official CVE/NVD data and the vendor advisory link listed in the record.

Official resources

Published 2025-10-23 and modified 2026-05-20. The public record identifies a CSRF issue in KeeneticOS before 4.3 at the /rci API endpoint and links to Keenetic's October 2025 web API vulnerability advisory.