What is the CVSS score of EUVD-2025-18480?

EUVD-2025-18480 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of X15 Firmware are affected by EUVD-2025-18480?

A critical remote code execution vulnerability affects TOTOLIK X15 routers with a public exploit available and no patch currently available.

Is there a public PoC exploit available for EUVD-2025-18480?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18480. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate EUVD-2025-18480?

Within 24 hours: Identify and inventory all TOTOLINK X15 devices in your environment; isolate affected devices from production networks if operationally feasible. Within 7 days: Implement network segmentation to restrict access to the vulnerable HTTP POST endpoint (/boafrm/formTmultiAP); deploy WAF rules to block malicious submit-url parameter payloads; consider replacing devices with patched alternatives if available from vendor. Within 30 days: Complete device replacement or firmware upgrade once vendor releases a patch; conduct forensic analysis for signs of compromise; implement enhanced monitoring on remaining devices.

X15 Firmware EUVD-2025-18480

| CVE-2025-6165 HIGH

Buffer Overflow (CWE-119)

2025-06-17 cna@vuldb.com

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18480

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

PoC Detected

Jun 23, 2025 - 18:54 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 06:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web management interface, specifically in the /boafrm/formTmultiAP endpoint. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw where user-supplied input via the 'submit-url' parameter is not properly validated for length before being written to a fixed-size buffer. This affects TOTOLINK X15 routers running firmware version 1.0.0-B20230714.1105. The HTTP POST handler processes multi-AP (access point) configuration requests, and the unsanitized parameter creates an arbitrary memory write primitive. CPE identification: vendor:totolink, product:x15, version:1.0.0-b20230714.1105. The vulnerability involves stack or heap-based buffer overflow depending on buffer allocation strategy used in the formTmultiAP handler.

RemediationAI

Firmware Update: Contact TOTOLINK support or check their official support portal for a patched firmware version newer than 1.0.0-B20230714.1105. Apply the update immediately through the router's web interface or recovery procedure.; priority: CRITICAL Temporary Mitigation (if patch unavailable): Restrict network access to the router's web management interface: (1) Disable remote management if enabled; (2) Use firewall rules to limit HTTP/HTTPS access to trusted IPs only; (3) Change default administrative credentials to strong, unique passwords; (4) Isolate the router on a segregated management network.; priority: HIGH Detection: Monitor for HTTP POST requests to /boafrm/formTmultiAP with unusually long 'submit-url' parameters (>256 bytes typical); enable router logging if available.; priority: MEDIUM Workaround: If multi-AP functionality is not required, disable it through the router's configuration interface to reduce attack surface.; priority: MEDIUM

EUVD-2025-18480 vulnerability details – vuln.today

Back

X15 Firmware EUVD-2025-18480

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code