Cyber Posture

CVE-2025-25609

Severity: High
Published: 28 February 2025
Modified: 03 April 2025
KEV Added: not listed
CVSS Score: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.8th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25609 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Totolink A3002R Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 19.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation of inputs such as the static_ipv6 parameter to prevent buffer overflow vulnerabilities in the formIpv6Setup interface.

SI-16 Memory Protection (prevent): Implements memory protection mechanisms such as stack canaries, ASLR, and DEP to block exploitation of buffer overflows for remote code execution.

Flaw remediation (prevent): Mandates timely identification, reporting, and remediation of the specific buffer overflow flaw in the /bin/boa web server component.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The buffer overflow in the formIpv6Setup interface of the router's boa web server directly enables exploitation of the network-accessible web application for remote code execution and system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa.

Deeper analysis

CVE-2025-25609 is a buffer overflow vulnerability (CWE-120) in the TOTOlink A3002R router on firmware version V1.1.1-B20200824.0128. The flaw arises from improper input validation of the static_ipv6 parameter in the formIpv6Setup interface, which is handled by the /bin/boa web server component.

The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited over an adjacent network with low attack complexity by an attacker possessing low privileges, without user interaction. Exploitation could grant high impacts on confidentiality, integrity, and availability, likely enabling remote code execution or system compromise.

Mitigation details are available in the referenced advisory at https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_ipv6.md.
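The input-validation control the page names for this flaw (SI-10), applied to the static_ipv6 parameter, as an added C example that is not the page's or TOTOLINK's code: a setter written in the CWE-120 pattern beside a hardened version that bounds the length check and accepts only a parseable IPv6 literal. The struct, buffer size and function names are hypothetical; the real /bin/boa handler is not shown on this page.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sketch; the real /bin/boa handler is not on this page and
 * the struct, buffer size and function names here are assumed. */
#define IPV6_STR_MAX INET6_ADDRSTRLEN  /* 46: longest IPv6 text form plus NUL */
struct ipv6_cfg { char static_ipv6[IPV6_STR_MAX]; };

/* CWE-120 pattern: the request-controlled length is never compared with the
 * destination size, so a value longer than 45 bytes writes past the buffer. */
void set_static_ipv6_unsafe(struct ipv6_cfg *cfg, const char *value)
{
    strcpy(cfg->static_ipv6, value);
}
/* Hardened form (the SI-10 input-validation control): bound the length scan,
 * reject anything that would not fit, and accept only a syntactically valid
 * IPv6 literal. Returns 0 when stored, -1 when rejected. */
int set_static_ipv6(struct ipv6_cfg *cfg, const char *value)
{
    size_t len = 0;
    struct in6_addr addr;
    if (cfg == NULL || value == NULL)
        return -1;
    while (len < IPV6_STR_MAX && value[len] != '\0')   /* bounded scan */
        len++;
    if (len == 0 || len == IPV6_STR_MAX)                /* empty or too long */
        return -1;
    if (inet_pton(AF_INET6, value, &addr) != 1)         /* not an IPv6 address */
        return -1;                                      /* (zone ids like %eth0 fail too) */
    memcpy(cfg->static_ipv6, value, len + 1);           /* len + 1 <= IPV6_STR_MAX */
    return 0;
}

/* Wrapper used by the demo: validates one candidate into a fresh config. */
int accept_static_ipv6(const char *value)
{
    struct ipv6_cfg cfg = { { 0 } };
    return set_static_ipv6(&cfg, value);
}
int main(void)
{
    const char *samples[] = { /* constructed values, not captured traffic */
        "2001:db8::1", "fe80::1%eth0", "not-an-address",
        "1111:2222:3333:4444:5555:6666:7777:8888:9999:aaaa:bbbb:cccc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %s\n", samples[i], accept_static_ipv6(samples[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```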

Details

CWE(s): CWE-120 (Classic Buffer Overflow)

Affected Products
Vendor: totolink
Product: a3002r firmware
Version: 1.1.1-b20200824.0128

CVEs Like This One

CVE-2025-25635 (same product: Totolink A3002R)
CVE-2025-25610 (same product: Totolink A3002R)
CVE-2025-25579 (same product: Totolink A3002R)
CVE-2025-55591 (same product: Totolink A3002R)
CVE-2025-67186 (same vendor: Totolink)
CVE-2026-31027 (same vendor: Totolink)
CVE-2025-67188 (same vendor: Totolink)
CVE-2025-51630 (same vendor: Totolink)
CVE-2025-9780 (same vendor: Totolink)
CVE-2026-1157 (same vendor: Totolink)
