CVE-2025-52089
Published: 11 July 2025
Summary
CVE-2025-52089 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Totolink N300Rb Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 12.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2025-52089 concerns a hidden remote support feature in TOTOLINK N300RB firmware version 8.54 that is protected only by a static secret. The flaw, tracked under CWE-306, permits an attacker who knows the secret to invoke arbitrary operating-system commands with root privileges. The vulnerability carries a CVSS 3.1 base score of 8.8, reflecting a network-adjacent attack vector, low complexity, and no required user interaction.
An authenticated attacker positioned on the same network segment can supply the static credential to unlock the concealed interface and then execute commands that fully compromise the device, including reading or modifying sensitive data and altering device behavior. The CVSS vector indicates that no prior administrative privileges on the router itself are needed beyond knowledge of the secret.
The single reference points to a technical write-up that details discovery of the debug interface; no vendor advisory, firmware patch, or mitigation guidance is provided in the available sources.
EPSS for the CVE rose from a low baseline to a peak of 0.0474 before settling at the current value of 0.0320, indicating measurable post-disclosure interest in exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21164
Vulnerability details
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in the hidden remote support feature (static secret, missing authentication per CWE-306) directly enables unauthenticated RCE as root on the adjacent network, mapping to public-facing application exploitation and Unix shell command execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
CM-7 Least Functionality prohibits or restricts unnecessary functions such as hidden remote support features, directly preventing their availability for exploitation.
MA-4 Nonlocal Maintenance requires approval, management, and policy-compliant use of remote diagnostic tools, mitigating hidden remote support interfaces.
IA-5 Authenticator Management prohibits static secrets and enforces proper handling of authenticators protecting critical functions like remote command execution.