CVE-2025-8242

HighPublic PoC

Published: 27 July 2025

Published

27 July 2025

Modified

29 July 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0143 80.8th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8242 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink X15 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates HTTP POST parameters such as ip6addr, url, vpnPassword, and vpnUser to prevent buffer overflows from malformed inputs in the /boafrm/formFilter handler.

SI-16 Memory Protection good match

prevent

Implements memory protections like stack canaries, ASLR, and non-executable memory to mitigate remote exploitation of the buffer overflow vulnerability.

SI-2 Flaw Remediation good match

prevent

Ensures timely remediation by applying firmware patches or updates to address the specific buffer overflow in the TOTOLINK X15 HTTP POST Request Handler.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in publicly exposed router web interface (/boafrm/formFilter HTTP handler) directly enables remote exploitation for code execution or full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The…

attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-8242 is a critical buffer overflow vulnerability (CWE-119, CWE-120) affecting the TOTOLINK X15 router on firmware version 1.0.0-B20230714.1105. The flaw exists in unknown code within the /boafrm/formFilter file of the HTTP POST Request Handler component, triggered by manipulation of arguments including ip6addr, url, vpnPassword, or vpnUser.

Attackers can exploit this vulnerability remotely with low attack complexity and low privileges required (PR:L), without user interaction. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects high impacts on confidentiality, integrity, and availability, potentially enabling remote code execution or system compromise.

Proof-of-concept exploits targeting parameters like ip6addr and url have been publicly disclosed on GitHub repositories such as panda666-888/vuls, with further details documented on VulDB entries including ctiid.317830 and id.317830. No specific patches or mitigation guidance are detailed in the referenced advisories.

The exploit has been disclosed to the public and may be used, as noted in the vulnerability description published on 2025-07-27.

Details

CWE(s): CWE-119 CWE-120

Affected Products

totolink

x15 firmware

1.0.0-b20230714.1105

CVEs Like This One

CVE-2025-8243Same product: Totolink X15

CVE-2025-8245Same product: Totolink X15

CVE-2025-8246Same product: Totolink X15

CVE-2025-8244Same product: Totolink X15

CVE-2025-9303Same vendor: Totolink

CVE-2026-1155Same vendor: Totolink

CVE-2025-9780Same vendor: Totolink

CVE-2025-9783Same vendor: Totolink

CVE-2026-1328Same vendor: Totolink

CVE-2025-7460Same vendor: Totolink

References

https://github.com/panda666-888/vuls/blob/main/totolink/x15/formFilter_ip6addr.md
Exploit · cna@vuldb.com
https://github.com/panda666-888/vuls/blob/main/totolink/x15/formFilter_url.md
Exploit · cna@vuldb.com
https://vuldb.com/?ctiid.317830
Permissions Required · cna@vuldb.com
https://vuldb.com/?id.317830
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.622661
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.622662
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.622664
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.622665
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.totolink.net/
Product · cna@vuldb.com
https://github.com/panda666-888/vuls/blob/main/totolink/x15/formFilter_ip6addr.md
Exploit · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/panda666-888/vuls/blob/main/totolink/x15/formFilter_url.md
Exploit · 134c704f-9b21-4f2e-91b3-4a467353bcc0