CVE-2025-25579
Published: 28 March 2025
Summary
CVE-2025-25579 is a critical-severity OS Command Injection (CWE-78) vulnerability in Totolink A3002R Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
TOTOLINK A3002R firmware version V4.0.0-B20230531.1404 contains a command injection vulnerability in the /bin/boa component triggered through the bandstr parameter. The flaw is tracked as CVE-2025-25579 with a CVSS 3.1 score of 9.8 and is classified under CWE-78.
Unauthenticated attackers with network access can supply crafted input to the affected parameter and execute arbitrary operating system commands on the device. Successful exploitation grants full control over the router, enabling impacts to confidentiality, integrity, and availability without requiring user interaction or credentials.
Public proof-of-concept code demonstrating remote command execution has been published on GitHub. No vendor advisory or official patch information is referenced in the available sources.
The CVE carries an EPSS score with a recorded peak of 0.3849 and a current value of 0.3298, indicating sustained moderate exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8669
Vulnerability details
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote unauthenticated OS command injection via the web interface (boa) on a network device (router), enabling exploitation of a public-facing application (T1190) and command/script execution using the network device CLI/interpreter (T1059.008).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates command injection by requiring validation of untrusted inputs like the bandstr parameter in the /bin/boa web component.
Addresses the root cause by requiring timely identification, reporting, and correction of the specific command injection flaw in TOTOLINK A3002R firmware.
Enables periodic and event-driven vulnerability scanning to identify the CVE-2025-25579 command injection vulnerability in the affected router firmware.