What is the CVSS score of CVE-2025-5503?

CVE-2025-5503 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.7%.

Which versions of X15 Firmware are affected by CVE-2025-5503?

TOTOLINK X15 routers are vulnerable to remote code execution through a stack-based buffer overflow with a public exploit actively available.

Is there a public PoC exploit available for CVE-2025-5503?

Yes, a public proof-of-concept exploit is available for CVE-2025-5503. Prioritise patching immediately. EPSS: 0.7%.

How to fix or mitigate CVE-2025-5503?

Within 24 hours: Identify and inventory all TOTOLIK X15 devices (version 1.0.0-B20230714.1105) in your network; isolate affected devices from production networks if possible and restrict administrative access. Within 7 days: Implement network segmentation to limit device access, block inbound connections to port ranges used by vulnerable services, and deploy WAF/IDS rules to detect exploitation attempts targeting /boafrm/formMapReboot. Within 30 days: Replace affected devices with alternative vendor equipment or identify and test vendor firmware updates if released; document all affected assets and conduct network access audit.

X15 Firmware CVE-2025-5503

EUVD-2025-16742 HIGH

Buffer Overflow (CWE-119)

2025-06-03 cna@vuldb.com

Buffer Overflow X15 Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16742

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

PoC Detected

Jun 17, 2025 - 20:40 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 15:16 nvd

HIGH 8.8

DescriptionNVD

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Technical ContextAI

CWE-119 (Buffer Overflow). CVSS 8.8 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

CVE-2025-5503 vulnerability details – vuln.today

Back

X15 Firmware CVE-2025-5503

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code