CVE-2025-8139
Published: 25 July 2025
Summary
CVE-2025-8139 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflows by requiring validation and sanitization of the service_type argument in the HTTP POST request handler.
Mandates timely remediation of the identified buffer overflow flaw through firmware updates from the vendor.
Provides memory protections such as stack guards and ASLR to mitigate successful exploitation of the buffer overflow for code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote buffer overflow vulnerability in the router's public-facing web interface (/boafrm/formPortFw) via HTTP POST enables exploitation for initial access (T1190) and application-level denial of service (T1499.004), as demonstrated by the disclosed PoC.
NVD Description
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow.…
more
It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8139 is a critical buffer overflow vulnerability (CVSS 3.1 score of 8.8) affecting the TOTOLINK A702R router running firmware version 4.0.0-B20230721.1521. The issue resides in an unknown part of the /boafrm/formPortFw component within the HTTP POST Request Handler, where manipulation of the "service_type" argument triggers the overflow. It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high-impact confidentiality, integrity, and availability consequences, potentially allowing arbitrary code execution or full device compromise.
Advisories documented on VulDB (ctiid.317535, id.317535, submit.620485) detail the vulnerability, while a public proof-of-concept exploit is available on GitHub at panda666-888/vuls/blob/main/totolink/a702r/formPortFw.md. The vendor's website at totolink.net should be checked for firmware updates or mitigation guidance.
Details
- CWE(s)