Cyber Resilience

CVE-2025-12260

HighPublic PoC

Published: 27 October 2025

Published
27 October 2025
Modified
28 October 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0031 54.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12260 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A3300R Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-12260 is a stack-based buffer overflow vulnerability affecting the TOTOLINK A3300R router on firmware version 17.0.0cu.557_B20221024. The flaw resides in the setSyslogCfg function within the /cgi-bin/cstecgi.cgi file, part of the POST Parameter Handler component. It is triggered by manipulation of the "enable" argument and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-119 and CWE-121. The vulnerability was published on 2025-10-27.

An attacker with low privileges can exploit this remotely over the network by sending a crafted request to the vulnerable endpoint. No user interaction is required, and the low complexity enables reliable exploitation. Successful attacks can result in high-impact compromise of confidentiality, integrity, and availability, likely enabling remote code execution via the stack-based buffer overflow.

An exploit has been publicly disclosed on GitHub, increasing the risk of active use. Security advisories on VulDB provide further details, and practitioners should check the vendor site at www.totolink.net for patches or mitigation recommendations.

EU & UK References

Vulnerability details

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible…

more

to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the web CGI endpoint (/cgi-bin/cstecgi.cgi) enables remote code execution via exploitation of a public-facing application on the router.

CVEs Like This One

CVE-2025-12259Same product: Totolink A3300R
CVE-2025-12241Same product: Totolink A3300R
CVE-2025-12258Same product: Totolink A3300R
CVE-2025-12239Same product: Totolink A3300R
CVE-2025-12240Same product: Totolink A3300R
CVE-2026-5103Same product: Totolink A3300R
CVE-2026-5177Same product: Totolink A3300R
CVE-2026-5178Same product: Totolink A3300R
CVE-2026-31181Same product: Totolink A3300R
CVE-2026-5102Same product: Totolink A3300R

Affected Assets

totolink
a3300r firmware
17.0.0cu.557_b20221024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely patching or remediation of the stack-based buffer overflow vulnerability in the setSyslogCfg function.

prevent

Requires validation of the 'enable' POST parameter to prevent the buffer overflow triggered by malformed input.

prevent

Implements memory protection mechanisms such as stack canaries and ASLR to mitigate exploitation of the stack-based buffer overflow.

References