CVE-2025-25610

Severity: High
Published: 28 February 2025
Modified: 03 April 2025
KEV Added: not listed
Patch: none recorded
CVSS v3.1: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0006 (20.1st percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25610 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Totolink A3002R Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 20.1st percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

TOTOLINK A3002R router firmware version V1.1.1-B20200824.0128 is affected by CVE-2025-25610, a buffer overflow (CWE-120) caused by improper input validation of the static_gw parameter in the formIpv6Setup handler of the /bin/boa web server. Published on 2025-02-28, the issue carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), High severity.

An attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this vulnerability with low attack complexity and no user interaction. In practice PR:L means a valid session on the router's web interface (for example, unchanged default credentials), and AV:A means LAN or Wi-Fi reachability unless the management interface has been exposed to the WAN. By sending an over-long value in the static_gw parameter, the attacker overruns a fixed-size buffer in the handler; because the web server runs with full privileges on the device, the overflow can lead to arbitrary code execution, with high confidentiality, integrity and availability impact: full router compromise, data theft, or pivoting into the rest of the network.

Additional technical details, including analysis of the formIpv6Setup interface, are documented in a GitHub advisory at https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_gw.md. No official patches or vendor mitigations are specified in available information. Until a vendor fix is available, keeping the web UI unreachable from the WAN, replacing default administrator credentials, and isolating untrusted clients from the management network reduce the attack surface this CVE depends on.

Vulnerability details

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.

CWE(s)

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Privilege Escalation): adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The buffer overflow sits in an authenticated web handler (formIpv6Setup), so a low-privileged session is turned into arbitrary code execution on the router itself; that maps directly to T1068 (Exploitation for Privilege Escalation). T1190 (Exploit Public-Facing Application) applies only where the /bin/boa web server is reachable from the attacker's position: the CVSS vector scores reach as adjacent network (AV:A), so the initial-access mapping assumes the management interface has been exposed beyond the local LAN.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-25609 (same product: Totolink A3002R)
CVE-2025-25635 (same product: Totolink A3002R)
CVE-2025-25579 (same product: Totolink A3002R)
CVE-2025-55591 (same product: Totolink A3002R)
CVE-2025-51630 (same vendor: Totolink)
CVE-2026-31027 (same vendor: Totolink)
CVE-2026-1686 (same vendor: Totolink)
CVE-2025-9781 (same vendor: Totolink)
CVE-2025-67188 (same vendor: Totolink)
CVE-2025-67186 (same vendor: Totolink)

Affected Assets

Vendor: totolink
Product: a3002r firmware
Version: 1.1.1-b20200824.0128

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): directly addresses the root cause by requiring that inputs such as the static_gw parameter are bounded and type-checked before use, so an over-long value is rejected instead of copied into a fixed-size buffer.

SI-16 Memory Protection (prevent): memory protections such as ASLR, stack canaries and DEP/NX can block arbitrary code execution even when a buffer overflow occurs in the web server. Embedded firmware builds frequently omit some or all of these, so verify which protections the shipped /bin/boa binary actually carries before relying on this control.

SI-2 Flaw Remediation (prevent): mandates timely identification, reporting and correction of flaws like this buffer overflow through firmware patching. No vendor patch is recorded here, so track the vendor for an updated firmware image and apply it when released.
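The following is an added illustration written for this page; it is not code from TOTOLINK, boa or the referenced GitHub advisory. It shows the CWE-120 pattern described under Deeper analysis (the copy length taken straight from the static_gw field) beside a handler that applies the SI-10 control above: every field is bounded before any copy, and static_gw is additionally type-checked as an IPv6 literal and stored only in canonical form. The buffer sizes, the form layout, and all function names (vulnerable_formIpv6Setup, get_form_value, handle_formIpv6Setup, check_static_gw, canonical_static_gw) are assumptions; the request bodies in main are constructed, not captured traffic.

```c
/* Added illustration, not TOTOLINK or boa code: the CWE-120 pattern behind
 * CVE-2025-25610 and an SI-10 style fix. Buffer sizes, the form layout and
 * all function names are assumptions.
 * Build: cc -Wall -fstack-protector-strong example.c */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (CWE-120): the copy length comes straight from the request. */
int vulnerable_formIpv6Setup(const char *body)
{
    char gw[32];                               /* assumed fixed stack buffer */
    const char *v = strstr(body, "static_gw=");
    if (v == NULL) return -1;
    v += strlen("static_gw=");
    size_t n = strcspn(v, "&");                /* attacker controls n */
    memcpy(gw, v, n);                          /* overflows gw when n >= 32 */
    gw[n] = '\0';
    return (int)n;
}

/* Extract one field from an x-www-form-urlencoded body. Over-long values are
 * rejected, not truncated. Percent-decoding is deliberately omitted; a real
 * handler must re-check the length after decoding as well. */
static int get_form_value(const char *body, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, '&');
        size_t flen = end ? (size_t)(end - p) : strlen(p);
        if (flen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = flen - klen - 1;
            if (vlen >= outlen) return -1;     /* bound enforced before any copy */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Hardened handler: bound the field, then type-check it as an IPv6 literal and
 * store only the canonical form. Returns 0 on success, negative on rejection. */
int handle_formIpv6Setup(const char *body, char *gw_out, size_t outlen)
{
    char raw[INET6_ADDRSTRLEN];
    struct in6_addr addr;
    if (get_form_value(body, "static_gw", raw, sizeof raw) < 0) return -1; /* missing or too long */
    if (inet_pton(AF_INET6, raw, &addr) != 1) return -2;                   /* not an IPv6 address */
    if (inet_ntop(AF_INET6, &addr, gw_out, (socklen_t)outlen) == NULL) return -3;
    return 0;
}

/* Convenience wrappers so results can be checked without managing buffers. */
int check_static_gw(const char *body)
{
    char out[INET6_ADDRSTRLEN];
    return handle_formIpv6Setup(body, out, sizeof out);
}

const char *canonical_static_gw(const char *body)
{
    static char out[INET6_ADDRSTRLEN];
    return handle_formIpv6Setup(body, out, sizeof out) == 0 ? out : NULL;
}

int main(void)
{
    /* Constructed request bodies, not captured traffic. */
    const char *good = "ipv6_mode=static&static_gw=FE80:0:0:0:0:0:0:1&static_dns=2001:4860:4860::8888";
    const char *v4   = "ipv6_mode=static&static_gw=192.168.1.1";
    char oversize[400];
    memset(oversize, 'A', sizeof oversize - 1);
    oversize[sizeof oversize - 1] = '\0';
    memcpy(oversize, "static_gw=", strlen("static_gw="));

    printf("good:     rc=%d gw=%s\n", check_static_gw(good), canonical_static_gw(good));
    printf("ipv4:     rc=%d\n", check_static_gw(v4));
    printf("oversize: rc=%d\n", check_static_gw(oversize));
    /* vulnerable_formIpv6Setup(oversize) would smash the stack here: with
     * -fstack-protector it aborts, without it the return address is overwritten. */
    printf("vulnerable handler on benign input copied %d bytes\n", vulnerable_formIpv6Setup(good));
    return 0;
}
```

Rejecting rather than truncating is deliberate: silently clipping the value would leave the device configured with a gateway the administrator never asked for. The same bound must be applied again after percent-decoding, and the decoder itself must never write into a fixed buffer before checking the encoded length. Whether SI-16 helps at all depends on how /bin/boa was built: an embedded binary without stack canaries or NX turns an overflow like the one in vulnerable_formIpv6Setup directly into control of the return address.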
