Cyber Resilience

CVE-2025-6542

Critical · RCE

Published: 21 October 2025

Modified: 24 October 2025
CVSS Score v4: 9.3
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0015 (34.8th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-6542 is a critical-severity OS Command Injection (CWE-78) vulnerability in TP-Link ER8411 firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-6542 is a critical OS command injection vulnerability (CWE-78) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), published on 2025-10-21T01:15:37.063. It affects TP-Link Omada networking products, including various router models listed under Omada routers, Omada Pro wired routers, and SOHO Festa gateways.

A remote unauthenticated attacker can exploit the vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation enables execution of arbitrary OS commands on the affected product, resulting in high impacts to confidentiality, integrity, and availability.

Vendor advisories and product details for mitigation, including patches where available, are provided at https://support.omadanetworks.com/en/document/108455/, https://www.omadanetworks.com/us/business-networking/all-omada-router/, https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/, and https://www.tp-link.com/us/business-networking/soho-festa-gateway/.

Vulnerability details

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.008 · Network Device CLI · Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

Why these techniques?

The CVE enables unauthenticated remote exploitation of a public-facing application (T1190), leading to arbitrary OS command execution on network devices (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15518 · Same vendor: TP-Link
CVE-2025-15519 · Same vendor: TP-Link
CVE-2026-22222 · Same vendor: TP-Link
CVE-2026-22224 · Same vendor: TP-Link
CVE-2026-0631 · Same vendor: TP-Link
CVE-2026-22225 · Same vendor: TP-Link
CVE-2026-30815 · Same vendor: TP-Link
CVE-2026-3841 · Same vendor: TP-Link
CVE-2026-22226 · Same vendor: TP-Link
CVE-2026-0654 · Same vendor: TP-Link

Affected Assets

Vendor · Product · Version · Affected range
tp-link · er8411 firmware · 1.3.3 · ≤ 1.3.3
tp-link · er7412-m2 firmware · 1.1.0 · ≤ 1.1.0
tp-link · er707-m2 firmware · 1.3.1 · ≤ 1.3.1
tp-link · er7206 firmware · 2.2.2 · ≤ 2.2.2
tp-link · er605 firmware · 2.3.1 · ≤ 2.3.1
tp-link · er706w firmware · 1.2.1 · ≤ 1.2.1
tp-link · er706w-4g firmware · 1.2.1 · ≤ 1.2.1
tp-link · er7212pc firmware · 2.1.3 · ≤ 2.1.3
tp-link · g36 firmware · 1.1.4 · ≤ 1.1.4
tp-link · g611 firmware · 1.2.2 · ≤ 1.2.2
+3 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly remediates the OS command injection vulnerability by requiring timely application of vendor-provided patches for affected TP-Link Omada products.

Prevent: Prevents arbitrary OS command execution by enforcing input validation and error handling on network-facing interfaces vulnerable to CWE-78 injection.

Prevent: Limits remote unauthenticated network access to the vulnerable router management interfaces through boundary protection controls.
