CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
Technical Context
The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition. The affected component is the HTTP POST request handler in TOTOLINK X15 wireless routers, specifically processing requests to /boafrm/formPortFw. The 'service_type' parameter lacks proper input validation and boundary checking, allowing an attacker to write beyond allocated buffer boundaries. The affected device is identified by CPE: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*. This class of vulnerability typically affects embedded device firmware where memory constraints and simplified input handling create exploitation opportunities. The HTTP POST handler processes form data without adequate size validation before copying to stack or heap-allocated buffers.
Affected Products
X15 (1.0.0-B20230714.1105)
EUVD-2025-17350