CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.
Technical Context (AI)
This vulnerability is a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) buffer overflow in embedded router firmware. The affected component is the HTTP POST request handler, likely implemented in C/C++ within the router's web administrative interface. The /boafrm/formMultiAP endpoint processes multi-AP configuration requests, and the 'submit-url' parameter is written to a fixed-size buffer without proper bounds checking. This is typical of legacy embedded device code, where memory was tightly constrained and input validation was often overlooked. The CPE identifier would be: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:* (or similar firmware variant). TOTOLINK devices use proprietary web interfaces typically running on lightweight HTTP servers (often Boa or similar), which have historically been susceptible to memory safety issues.
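The missing bounds check described above, shown from the fix side as an added example (not TOTOLINK firmware code; the affected function is not identified on this page). The 128-byte buffer size, the function names and the error codes are assumptions made for illustration.

```c
/* Added illustration, not TOTOLINK firmware code. URL_MAX and all
 * function names here are assumptions. */
#include <stddef.h>
#include <string.h>

#define URL_MAX 128 /* assumed size of the handler's fixed buffer */

/* Locate "name=" at a field boundary of an urlencoded POST body.
 * Returns a pointer to the value and stores its length (up to the
 * next '&' or the end of the body); returns NULL if the field is absent. */
static const char *form_value(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            *len = strcspn(v, "&");
            return v;
        }
        p = strchr(p, '&');   /* skip to the next field */
        if (p != NULL)
            p++;
    }
    return NULL;
}

/* CWE-119 pattern: the value's length is never compared to the buffer:
 *     char url[URL_MAX]; strcpy(url, value);
 * Hardened form: measure first, and reject (not truncate) what does not fit.
 * Returns 0 on success, -1 if the field is missing, -2 if it is too long. */
int copy_submit_url(const char *body, char *out, size_t out_size)
{
    size_t len;
    const char *v = form_value(body, "submit-url", &len);

    if (v == NULL)
        return -1;
    if (len >= out_size)      /* no room for value plus terminating NUL */
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}
```

Rejecting the request outright lets the handler return an error instead of acting on a silently truncated URL.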
Remediation (AI)
No vendor patch details are provided in the CVE description; however, standard remediation approaches include:
(1) Immediate: Restrict network access to the HTTP administrative interface using firewall rules (block WAN access to port 80/443 if possible).
(2) Temporary mitigation: Change default credentials and disable remote management if not required.
(3) Permanent: Monitor TOTOLINK security advisories for a patched firmware version (likely 1.0.0-B20230714.1106 or later).
Contact TOTOLINK technical support (support@totolink.net) for patch availability. Until patched, do NOT expose the router's web interface to untrusted networks. Consider network segmentation to isolate administrative access. Firmware update procedures: access router admin panel → System Settings → Firmware Upgrade → select patched binary (when available).
EUVD-2025-18453