Severity by source
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Critical remote buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formDosCfg. An authenticated attacker can exploit improper input validation of the 'submit-url' parameter to achieve buffer overflow, leading to complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exploit exists, increasing real-world exploitation risk.
Technical Context (AI)
The vulnerability is in the POST request handler of the TOTOLINK X15 router's embedded HTTP server, specifically the formDosCfg functionality. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer): a classic buffer overflow in which user-supplied input from the 'submit-url' parameter is not properly validated before being written to a fixed-size buffer. This affects the embedded web administration interface running on port 8080 or 80 (typical for TOTOLINK devices). The vulnerability chain involves:
(1) HTTP POST reception at /boafrm/formDosCfg
(2) insufficient bounds checking on the 'submit-url' argument
(3) unsafe string operations (likely strcpy or sprintf variants) leading to stack/heap overflow
(4) potential code execution via return-oriented programming (ROP) or shellcode injection
CPE identification: cpe:2.3:a:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*
Remediation (AI)
Immediate actions:
(1) Firmware update: Contact TOTOLINK support or check www.totolink.net for patched firmware newer than 1.0.0-B20230714.1105 for the X15 model. The vendor typically releases patches 2-6 months post-disclosure; check the security advisories on the TOTOLINK website for the X15 patch timeline.
(2) Interim mitigations:
(a) Disable remote administration/WAN-side HTTP access to the router management interface if not required; restrict access to LAN only.
(b) Change default credentials (admin/admin) to strong unique passwords.
(c) Implement IP-based access control lists for the router management port.
(d) Segment router management onto an isolated VLAN.
(3) Network detection: Monitor for POST requests to /boafrm/formDosCfg with unusually long 'submit-url' parameters (>256 bytes suggests an overflow attempt).
(4) Incident response: If router compromise is suspected, perform a factory reset after patching, re-configure from scratch, and audit firewall rules and port forwarding for backdoor persistence.
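The network detection check in item (3), written out as an added example (not code from this page, from NVD or from the vendor). It assumes a monitoring point such as a proxy or packet capture that sees the full request including the body; the function names, the sample requests and the other form fields in them are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

ENDPOINT = b"/boafrm/formDosCfg"  # handler named in the advisory
PARAM = b"submit-url"             # argument named in the advisory
MAX_LEN = 256                     # byte threshold from the remediation text


def _decode(field: bytes) -> bytes:
    """Form-decode one name or value ('+' is a space, %XX is a byte)."""
    return unquote_to_bytes(field.replace(b"+", b" "))


def check_request(raw: bytes):
    """Return an alert dict for a suspicious captured request, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or parts[0].upper() != b"POST":
        return None
    # Compare the decoded path without its query string.
    if unquote_to_bytes(parts[1].split(b"?", 1)[0]) != ENDPOINT:
        return None
    # Measure the decoded value: percent-encoding inflates the raw size, and
    # the decoded bytes are assumed to be what reaches the handler.
    sizes = [len(_decode(v)) for n, _, v in
             (pair.partition(b"=") for pair in body.split(b"&"))
             if _decode(n) == PARAM]
    worst = max(sizes, default=0)
    if worst > MAX_LEN:
        return {"path": ENDPOINT.decode(), "param": PARAM.decode(), "bytes": worst}
    return None


def _req(method: str, path: str, body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation IP)."""
    return (f"{method} {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode()


SAMPLES = [  # constructed inputs, not captured traffic
    _req("POST", "/boafrm/formDosCfg", "enabled=1&submit-url=%2Fdos.htm"),
    _req("POST", "/boafrm/formDosCfg", "submit-url=" + "A" * 300),
    _req("POST", "/boafrm/formDosCfg", "submit-url=" + "%41" * 300),
    _req("GET", "/boafrm/formDosCfg", ""),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_request(sample))
```
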
EUVD-2025-17106