Cyber Resilience

CVE-2025-8242

HighPublic PoC

Published: 27 July 2025

Published
27 July 2025
Modified
29 July 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0320 87.3th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8242 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink X15 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A buffer overflow vulnerability exists in the TOTOLINK X15 router running firmware version 1.0.0-B20230714.1105. The flaw resides in the HTTP POST Request Handler within the /boafrm/formFilter endpoint, where unsanitized input supplied to the ip6addr, url, vpnPassword, or vpnUser arguments can trigger an out-of-bounds write. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4.

An authenticated remote attacker can send a crafted HTTP POST request to the affected endpoint and trigger the overflow. Successful exploitation grants the attacker control over the device with high impact to confidentiality, integrity, and availability; public proof-of-concept code demonstrating the attack has already been released.

The EPSS score remains low and essentially flat at approximately 0.032, indicating limited observed exploitation interest to date. No vendor advisory or firmware update addressing the flaw is referenced in the available disclosures.

EU & UK References

Vulnerability details

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The…

more

attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in publicly exposed router web interface (/boafrm/formFilter HTTP handler) directly enables remote exploitation for code execution or full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-8243Same product: Totolink X15
CVE-2025-8246Same product: Totolink X15
CVE-2025-8245Same product: Totolink X15
CVE-2025-8244Same product: Totolink X15
CVE-2026-1328Same vendor: Totolink
CVE-2026-1157Same vendor: Totolink
CVE-2025-1852Same vendor: Totolink
CVE-2025-9779Same vendor: Totolink
CVE-2025-12239Same vendor: Totolink
CVE-2025-7460Same vendor: Totolink

Affected Assets

totolink
x15 firmware
1.0.0-b20230714.1105

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates HTTP POST parameters such as ip6addr, url, vpnPassword, and vpnUser to prevent buffer overflows from malformed inputs in the /boafrm/formFilter handler.

prevent

Implements memory protections like stack canaries, ASLR, and non-executable memory to mitigate remote exploitation of the buffer overflow vulnerability.

prevent

Ensures timely remediation by applying firmware patches or updates to address the specific buffer overflow in the TOTOLINK X15 HTTP POST Request Handler.

References