CVE-2025-28025

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Apr 23, 2025

Updated: May 6, 2025

CWE ID 120

Summary

CVE-2025-28025 is a newly discovered buffer overflow vulnerability affecting specific versions of firmware for TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129. The vulnerability is located within the 'downloadFile.cgi' component and can be exploited through manipulation of the 'v14' parameter, potentially leading to unintended code execution or denial of service conditions. Users are encouraged to update their firmware to address this issue promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TOTOLINK

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4N6u2P
https://www.cve.org/CVERecord?id=CVE-2025-28025
https://nvd.nist.gov/vuln/detail/CVE-2025-28025

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners

CVE-2025-28025

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations