What is the CVSS score of CVE-2025-6130?

CVE-2025-6130 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of Ex1200t Firmware are affected by CVE-2025-6130?

A critical buffer overflow vulnerability affecting TOTOLIK EX1200T routers allows remote attackers to execute arbitrary code without authentication.

Is there a public PoC exploit available for CVE-2025-6130?

Yes, a public proof-of-concept exploit is available for CVE-2025-6130. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate CVE-2025-6130?

Within 24 hours: Inventory all TOTOLINK EX1200T 4.1.2cu.5232_B20210713 devices in your environment and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to these devices, deploy WAF rules blocking POST requests to /boafrm/formStats, and establish 24/7 monitoring for exploitation attempts. Within 30 days: Develop a firmware upgrade strategy as patches become available, or plan device replacement if the vendor does not release a timely fix.

Ex1200t Firmware CVE-2025-6130

EUVD-2025-18422 HIGH

Buffer Overflow (CWE-119)

2025-06-16 cna@vuldb.com

RCE Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18422

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

PoC Detected

Jun 20, 2025 - 14:39 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 17:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.