CVE-2025-6399

| EUVD-2025-18804 HIGH
2025-06-21 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 21:35 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 21:35 euvd
EUVD-2025-18804
PoC Detected
Jun 25, 2025 - 20:13 vuln.today
Public exploit code
CVE Published
Jun 21, 2025 - 04:15 nvd
HIGH 8.8

Tags

Buffer Overflow TP-Link X15 Firmware TOTOLINK

Description

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formIPv6Addr endpoint. An authenticated attacker can exploit the improper handling of the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability is likely to see active exploitation given its criticality and ease of exploitation.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK X15's web interface, specifically in the /boafrm/formIPv6Addr functionality. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow defect where user-supplied input in the 'submit-url' parameter is not properly validated for length before being written to a fixed-size buffer. This occurs in firmware version 1.0.0-B20230714.1105 running on TOTOLINK X15 wireless routers (CPE: totolink:x15). The affected component is the HTTP POST request handler, indicating a web-facing attack surface. The lack of input sanitization on what appears to be a URL field allows an attacker to overflow adjacent memory regions and potentially overwrite return addresses or other critical data structures to achieve arbitrary code execution.

Affected Products

X15 (['1.0.0-B20230714.1105'])

Remediation

Patch/Firmware Update: Contact TOTOLINK support or monitor their security advisories for a patched firmware version beyond 1.0.0-B20230714.1105. Check TOTOLINK's official website (totolink.net) for firmware updates.; priority: Critical—apply immediately upon availability Workaround/Mitigation: Restrict HTTP access to the router's web management interface via firewall rules; limit administrative access to trusted IP ranges only; disable remote management if not required; applicability: Temporary; does not fix the underlying vulnerability Compensating Control: Implement network segmentation to isolate the router from less trusted network segments; use strong authentication credentials; disable default admin accounts if changeable; applicability: Risk reduction measure pending patch availability Monitoring: Monitor router logs for suspicious POST requests to /boafrm/formIPv6Addr with unusual submit-url parameters; watch for system crashes or unexpected process execution; applicability: Detection of exploitation attempts

Priority Score

65
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +44
POC: +20

Share

CVE-2025-6399 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy