CVE-2025-12943

11.11.2025, 17:15

Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.

Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.



Fixed in:



RAX30 firmware
1.0.14.108 or later.



RAXE300 firmware
1.0.9.82 or later

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
NETGEAR	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025

https://www.netgear.com/support/product/rax30

https://www.netgear.com/support/product/raxe300