Cyber Resilience

CVE-2025-7913

HighPublic PoC

Published: 21 July 2025

Published
21 July 2025
Modified
23 July 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0136 80.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7913 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A critical buffer overflow vulnerability exists in the TOTOLINK T6 router running firmware version 4.1.5cu.748_B20211015. The flaw resides in the updateWifiInfo function of the MQTT Service component, where improper handling of the serverIp argument can trigger memory corruption. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4.

An authenticated remote attacker can supply a crafted serverIp value over the network to overflow the buffer, potentially leading to arbitrary code execution or denial of service with high impact on confidentiality, integrity, and availability. The attack requires low attack complexity and no user interaction, and a working proof-of-concept has already been published.

Public references consist of a detailed vulnerability report and exploit code on GitHub along with entries in the VulDB database; no vendor advisory or patch information is referenced in the available sources. The associated EPSS score remains low, moving only from 0.0136 to a peak of 0.0137, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack…

more

remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Buffer overflow in remote MQTT service enables exploitation of remote services for RCE on the device.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-8170Same product: Totolink T6
CVE-2025-7912Same product: Totolink T6
CVE-2025-7460Same product: Totolink T6
CVE-2025-7758Same product: Totolink T6
CVE-2025-7837Same product: Totolink T6
CVE-2025-7862Same product: Totolink T6
CVE-2025-7614Same product: Totolink T6
CVE-2025-7613Same product: Totolink T6
CVE-2025-7524Same product: Totolink T6
CVE-2025-7525Same product: Totolink T6

Affected Assets

totolink
t6 firmware
v4.1.5cu.748_b20211015

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of the serverIp argument in the updateWifiInfo function, directly preventing buffer overflow exploitation.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate buffer overflow attempts in the MQTT service.

prevent

Requires timely remediation of the buffer overflow flaw in TOTOLINK T6 firmware via patching or upgrades.

References