What is the CVSS score of CVE-2025-5789?

CVE-2025-5789 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of X15 Firmware are affected by CVE-2025-5789?

A remote code execution vulnerability affecting TOTOLINK X15 routers (version 1.0.0-B20230714.1105) has been publicly disclosed with no patch currently available.

How to fix or mitigate CVE-2025-5789?

Within 24 hours: Inventory all TOTOLIK X15 devices in your environment and isolate affected units from critical network segments if possible. Within 7 days: Implement network access controls restricting HTTP POST requests to the /boafrm/formPortFw endpoint, deploy WAF rules blocking requests with suspicious service_type parameters, and disable remote management if operationally feasible. Within 30 days: Evaluate replacement or firmware upgrade options when patches become available, or migrate critical functions to alternative equipment.

X15 Firmware CVE-2025-5789

EUVD-2025-17350 HIGH

Buffer Overflow (CWE-119)

2025-06-06 cna@vuldb.com

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17350

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 18:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Technical ContextAI

The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition. The affected component is the HTTP POST request handler in TOTOLINK X15 wireless routers, specifically processing requests to /boafrm/formPortFw. The 'service_type' parameter lacks proper input validation and boundary checking, allowing an attacker to write beyond allocated buffer boundaries. The affected device is identified by CPE: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*. This class of vulnerability typically affects embedded device firmware where memory constraints and simplified input handling create exploitation opportunities. The HTTP POST handler processes form data without adequate size validation before copying to stack or heap-allocated buffers.

CVE-2025-5789 vulnerability details – vuln.today

Back

X15 Firmware CVE-2025-5789

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Share

External POC / Exploit Code