What is the CVSS score of CVE-2025-5875?

CVE-2025-5875 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of IoT are affected by CVE-2025-5875?

A critical remote code execution vulnerability affects TP-LINK TL-IPC544EP-W4 IP cameras with no available patch and active public exploits in circulation.

Is there a public PoC exploit available for CVE-2025-5875?

Yes, a public proof-of-concept exploit is available for CVE-2025-5875. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-5875?

Within 24 hours: Inventory all affected TP-LINK camera models and isolate them to a dedicated VLAN with restricted egress. Within 7 days: Evaluate replacement options or vendor alternatives; contact TP-LINK support formally to escalate patch development timeline. Within 30 days: Complete migration off affected devices or implement compensating controls (network segmentation, WAF rules, disable remote access) and increase monitoring for exploitation attempts.

IoT CVE-2025-5875

EUVD-2025-17460 HIGH

Buffer Overflow (CWE-119)

2025-06-09 cna@vuldb.com

RCE Buffer Overflow TP-Link IoT Tl Ipc544ep W4 Firmware

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17460

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

PoC Detected

Jun 23, 2025 - 14:21 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 12:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Technical ContextAI

CWE-119 (Buffer Overflow). CVSS 8.8 indicates high severity. Affects A vulnerability classified as critical.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

More from same product – last 7 days

CVE-2026-3294 HIGH This Week

8.7 May 22

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac

CVE-2026-34126 HIGH This Week

7.3 May 28

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a

CVE-2025-5875 vulnerability details – vuln.today

Back

IoT CVE-2025-5875

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code