Cyber Posture

CVE-2025-25609

High

Published: 28 February 2025

Published
28 February 2025
Modified
03 April 2025
KEV Added
Patch
CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 19.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-25609 is a buffer overflow vulnerability (CWE-120) in the TOTOlink A3002R router on firmware version V1.1.1-B20200824.0128. The flaw arises from improper input validation of the static_ipv6 parameter in the formIpv6Setup interface, which is handled by the /bin/boa web server component.

The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited over an adjacent network with low attack complexity by an attacker possessing low privileges, without user interaction. Exploitation could grant high impacts on confidentiality, integrity, and availability, likely enabling remote code execution or system compromise.

Mitigation details are available in the referenced advisory at https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_ipv6.md.

Details

CWE(s)
CWE-120

Affected Products

totolink
a3002r firmware
1.1.1-b20200824.0128

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in the boa web server component of the router's formIpv6Setup interface directly enables exploitation of the network-accessible web application for remote code execution and system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References