Cyber Resilience

CVE-2025-12239

High · Public PoC

Published: 27 October 2025

Modified: 27 October 2025
CVSS Score (v4): 7.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0043 (63.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12239 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A3300R Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 37.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-12239 is a buffer overflow vulnerability affecting the TOTOLINK A3300R router running firmware version 17.0.0cu.557_B20221024. The issue resides in the setDdnsCfg function within the /cgi-bin/cstecgi.cgi file, triggered by specific input manipulation that exceeds buffer boundaries. This flaw is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data theft, or device takeover. An exploit is publicly available, as documented in a GitHub repository detailing the vulnerability and proof-of-concept.

Advisories from VulDB (ctiid.329909, id.329909, submit.673721) confirm the remote exploitability and public disclosure, while the manufacturer's site (totolink.net) provides general support resources but no specific patch details in the referenced materials. Security practitioners should isolate affected devices, monitor for anomalous DDNS configuration attempts, and seek firmware updates from TOTOLINK, as the public exploit increases the risk of active exploitation.

The public availability of the exploit on GitHub heightens the urgency for mitigation, marking this as a readily weaponizable flaw in an IoT router commonly deployed in home and small office environments.

Vulnerability details

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Remote buffer overflow vulnerability in the public-facing CGI endpoint (/cgi-bin/cstecgi.cgi#setDdnsCfg) on the TOTOLINK A3300R router enables exploitation of a public-facing application for potential RCE.

CVEs Like This One

CVE-2025-12240 · Same product: Totolink A3300R
CVE-2025-12259 · Same product: Totolink A3300R
CVE-2025-12241 · Same product: Totolink A3300R
CVE-2025-12260 · Same product: Totolink A3300R
CVE-2025-12258 · Same product: Totolink A3300R
CVE-2026-5103 · Same product: Totolink A3300R
CVE-2026-5177 · Same product: Totolink A3300R
CVE-2026-5178 · Same product: Totolink A3300R
CVE-2026-31181 · Same product: Totolink A3300R
CVE-2026-5102 · Same product: Totolink A3300R

Affected Assets

totolink
a3300r firmware
17.0.0cu.557_b20221024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-2 Flaw Remediation requires applying firmware patches to fix the buffer overflow in the setDdnsCfg function of cstecgi.cgi, directly preventing remote exploitation.

Prevent: SI-10 Information Input Validation enforces bounds checking and sanitization of inputs to the setDdnsCfg CGI function, comprehensively addressing the CWE-119/120 buffer overflow vulnerability.

Prevent: SI-16 Memory Protection implements safeguards such as non-executable memory or ASLR to prevent arbitrary code execution even if the buffer overflow in cstecgi.cgi is triggered.
