CVE-2025-5785 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-5785 PUBLISHED CVSS 8.699999809265137 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

EPSS 0.80% · 73.9th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

EPSS Score

0.80%

73.9th percentile

Affected Products

Vendor	Product	Versions
totolink	x15_firmware	1.0.0-b20230714.1105
TOTOLINK	X15	1.0.0-B20230714.1105

Timeline

Jun 6, 2025 CVE Published
Jun 6, 2025 CVE Updated
Jun 6, 2025 PoC Published
Jun 7, 2025 EPSS Score
Jun 10, 2025 PoC Published
Jun 17, 2025 EPSS Score
Jun 27, 2025 EPSS Score
Jul 7, 2025 EPSS Score
Jul 17, 2025 EPSS Score
Jul 27, 2025 EPSS Score
Aug 6, 2025 EPSS Score
Aug 16, 2025 EPSS Score

References

VDB-311333 | TOTOLINK X15 HTTP POST Request formWirelessTbl buffer overflow vdb
VDB-311333 | CTI Indicators (IOB, IOC, IOA) url
Submit #591210 | TOTOLINK X15 V1.0.0-B20230714.1105 Buffer Overflow third-party-advisory
https://github.com/Lena-lyy/cve/blob/main/7.md exploit
https://www.totolink.net/ url
https://nvd.nist.gov/vuln/detail/CVE-2025-5785 advisory
https://www.totolink.net url

Open in Interactive Console →