3
CVEs
0
Critical
3
High
0
KEV
1
PoC
3
Unpatched C/H
0.0%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
3
MEDIUM
0
LOW
0
Monthly CVE Trend
Affected Products (2)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-10948 | A vulnerability has been found in MikroTik RouterOS 7. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.4 | 0.2% | 57 |
PoC
No patch
|
| CVE-2025-6443 | CVE-2025-6443 is an unauthenticated remote access control bypass vulnerability in Mikrotik RouterOS affecting VXLAN traffic handling. The vulnerability allows remote attackers to bypass ingress filtering and gain unauthorized access to internal network resources by exploiting improper validation of remote IP addresses in VXLAN packets. With a CVSS score of 7.2 (Network-based, Low complexity, No privileges required) and unauthenticated exploitation capability, this vulnerability presents a significant risk to exposed RouterOS deployments, particularly those utilizing VXLAN for network segmentation. | HIGH | 7.2 | 0.2% | 36 |
No patch
|
| CVE-2024-54952 | MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.3% | – |
No patch
|