Cyber Resilience

CVE-2025-6146

Severity: High · Public PoC

Published: 17 June 2025
Modified: 23 June 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v4): 7.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0136 (80.6th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-6146 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink X15 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A vulnerability classified as critical has been identified in the TOTOLINK X15 router firmware version 1.0.0-B20230714.1105. It resides in an unspecified portion of the file /boafrm/formSysLog within the HTTP POST Request Handler component. The flaw stems from improper handling of the submit-url argument, resulting in a buffer overflow condition tracked under CWE-119 and CWE-120. The CVSS 4.0 base vector rates the issue as reachable remotely over the network with low privileges required (AV:N, PR:L).

An authenticated attacker can send a crafted HTTP POST request to the affected endpoint, supplying oversized input to the submit-url parameter. Successful exploitation grants the ability to overwrite memory regions, potentially leading to arbitrary code execution, denial of service, or full device compromise. Public proof-of-concept code has already been released, confirming remote reachability and lowering the barrier for attempted misuse.

The associated EPSS score remains low and essentially flat, with a current value of 0.0136 against a recorded peak of 0.0137. No official vendor advisory or patch information appears among the referenced sources, which consist primarily of third-party vulnerability databases and a public exploit repository.


Vulnerability details

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow vulnerability in the public-facing web interface (/boafrm/formSysLog) of TOTOLINK X15 router via remote HTTP POST enables exploitation for initial access.

Affected Assets

Vendor: totolink
Product: x15 firmware
Version: 1.0.0-b20230714.1105

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping has not yet been run for this CVE; the list below is derived only from the weakness types (CWEs) cited in the NVD entry, not from the specifics of this firmware.

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation. Addresses: CWE-119, CWE-120.

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release. Addresses: CWE-119.

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution. Addresses: CWE-119.

Runtime monitoring detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior. Addresses: CWE-119.
