What is the CVSS score of CVE-2025-52053?

CVE-2025-52053 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 66.1%.

Which versions of X6000r Firmware are affected by CVE-2025-52053?

Organizations using TOTOLINK X6000R V9.4.0cu.1360_B20241207 face critical risk from CVE-2025-52053, a command injection vulnerability rated CVSS 9.8.

Is there a public PoC exploit available for CVE-2025-52053?

Yes, a public proof-of-concept exploit is available for CVE-2025-52053. Prioritise patching immediately. EPSS: 66.1%.

How to fix or mitigate CVE-2025-52053?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

X6000r Firmware CVE-2025-52053

CRITICAL

Command Injection (CWE-77)

2025-09-15 cve@mitre.org

Command Injection X6000r Firmware TOTOLINK

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:12 vuln.today

PoC Detected

Sep 20, 2025 - 02:49 vuln.today

Public exploit code

CVE Published

Sep 15, 2025 - 15:15 nvd

CRITICAL 9.8

DescriptionNVD

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

AnalysisAI

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Technical ContextAI

The sub_417D74 function in the router's HTTP server processes the file_name parameter without sanitization, passing it to a system command execution context. No authentication is required. TOTOLINK routers run embedded Linux and the web server typically runs as root.

RemediationAI

Check for firmware updates from TOTOLINK. Disable remote management. Place the router behind a firewall if used in business environments. Consider replacing with a more actively maintained router brand.

CVE-2025-52053 vulnerability details – vuln.today

Back

X6000r Firmware CVE-2025-52053

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code