| Metric | Value |
|---|---|
| CVEs | 6 |
| Critical | 0 |
| High | 3 |
| KEV | 0 |
| PoC | 3 |
| Unpatched C/H | 3 |
| Patch Rate | 0.0% |
| Avg EPSS | 1.0% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 0 |
| HIGH | 3 |
| MEDIUM | 3 |
| LOW | 0 |
Monthly CVE Trend
Affected Products (1)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-10948 | A vulnerability has been found in MikroTik RouterOS 7. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available. | HIGH | 7.4 | 0.2% | 57 | PoC, No patch |
| CVE-2026-7668 | Out-of-bounds read in the MikroTik RouterOS 6.49.8 SCEP endpoint allows remote unauthenticated attackers to trigger memory disclosure and potential service disruption via malformed transactionID or messageType parameters. Public exploit code exists on GitHub. CVSS 7.3 reflects a network-accessible attack surface with low complexity, though impact is rated limited across confidentiality, integrity, and availability. Vendor non-responsive to coordinated disclosure attempts. | MEDIUM | 5.5 | 0.0% | 48 | PoC, No patch |
| CVE-2025-6443 | CVE-2025-6443 is an unauthenticated remote access control bypass vulnerability in MikroTik RouterOS affecting VXLAN traffic handling. The vulnerability allows remote attackers to bypass ingress filtering and gain unauthorized access to internal network resources by exploiting improper validation of remote IP addresses in VXLAN packets. With a CVSS score of 7.2 (Network-based, Low complexity, No privileges required) and unauthenticated exploitation capability, this vulnerability presents a significant risk to exposed RouterOS deployments, particularly those using VXLAN for network segmentation. | HIGH | 7.2 | 0.2% | 36 | No patch |
| CVE-2025-42611 | RouterOS fails to properly validate certificate scope across its shared system certificate store, allowing any trusted certificate authority to authenticate in contexts beyond its intended scope. This vulnerability enables partial or full authentication bypass in OpenVPN, CAPsMAN, and 802.1X (Dot1x) services, affecting all RouterOS versions that use the vulnerable shared certificate validation logic. The vulnerability requires network access but no user interaction or authentication, making it remotely exploitable against default configurations. | MEDIUM | 6.5 | 0.0% | 33 | No patch |
| CVE-2024-54772 | An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available. | MEDIUM | 5.4 | 4.9% | – | PoC, No patch |
| CVE-2024-54952 | In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available. | HIGH | 7.5 | 0.3% | – | No patch |