How to fix CVE-2025-5739?

Within 24 hours: Identify all TOTOLIK X15 1.0.0-B20230714.1105 devices on your network and isolate them from untrusted networks; restrict administrative access to the /boafrm/formSaveConfig endpoint. Within 7 days: Implement network segmentation to limit direct internet access to affected devices; deploy WAF rules to block POST requests with suspicious submit-url parameters; evaluate replacement or upgrade options with your vendor. Within 30 days: Execute planned replacement or upgrading of affected devices to non-vulnerable versions; confirm all instances have been remediated and conduct security assessment.

Is X15 Firmware affected by CVE-2025-5739?

TOTOLINK X15 devices running version 1.0.0-B20230714.1105 are vulnerable to remote code execution through a buffer overflow in the configuration handler.

CVE-2025-5739

EUVD-2025-17104 HIGH

2025-06-06 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17104

CVE Published

Jun 06, 2025 - 09:15 nvd

HIGH 8.8

Description

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated attacker can exploit the unsanitized 'submit-url' parameter to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit proof-of-concept available, creating immediate real-world risk.

Technical Context

This vulnerability resides in the HTTP POST request handling mechanism of TOTOLINK X15 router firmware, specifically within the /boafrm/formSaveConfig component. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow weakness. The 'submit-url' parameter lacks proper input validation and buffer boundary checks, allowing an attacker to write beyond allocated memory regions. The affected component processes user-supplied configuration data without adequate length validation, enabling stack or heap corruption depending on the memory layout. The vulnerability affects TOTOLINK X15 devices running firmware build B20230714.1105, which likely represents a residential Wi-Fi router or mesh system commonly deployed in home and small business networks.

Affected Products

X15 (['1.0.0-B20230714.1105'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.7

CVSS: +44

POC: 0

CVE-2025-5739 vulnerability details – vuln.today

Back

CVE-2025-5739

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5739

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code