CVE-2025-7913
Published: 21 July 2025
Summary
CVE-2025-7913 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A critical buffer overflow vulnerability exists in the TOTOLINK T6 router running firmware version 4.1.5cu.748_B20211015. The flaw resides in the updateWifiInfo function of the MQTT Service component, where improper handling of the serverIp argument can trigger memory corruption. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4.
An authenticated remote attacker can supply a crafted serverIp value over the network to overflow the buffer, potentially leading to arbitrary code execution or denial of service with high impact on confidentiality, integrity, and availability. The attack requires low attack complexity and no user interaction, and a working proof-of-concept has already been published.
Public references consist of a detailed vulnerability report and exploit code on GitHub along with entries in the VulDB database; no vendor advisory or patch information is referenced in the available sources. The associated EPSS score remains low, moving only from 0.0136 to a peak of 0.0137, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22046
Vulnerability details
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack…
more
remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in remote MQTT service enables exploitation of remote services for RCE on the device.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces validation of the serverIp argument in the updateWifiInfo function, directly preventing buffer overflow exploitation.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate buffer overflow attempts in the MQTT service.
Requires timely remediation of the buffer overflow flaw in TOTOLINK T6 firmware via patching or upgrades.