CVE-2025-8242
Published: 27 July 2025
Summary
CVE-2025-8242 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink X15 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A buffer overflow vulnerability exists in the TOTOLINK X15 router running firmware version 1.0.0-B20230714.1105. The flaw resides in the HTTP POST Request Handler within the /boafrm/formFilter endpoint, where unsanitized input supplied to the ip6addr, url, vpnPassword, or vpnUser arguments can trigger an out-of-bounds write. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4.
An authenticated remote attacker can send a crafted HTTP POST request to the affected endpoint and trigger the overflow. Successful exploitation grants the attacker control over the device with high impact to confidentiality, integrity, and availability; public proof-of-concept code demonstrating the attack has already been released.
The EPSS score remains low and essentially flat at approximately 0.032, indicating limited observed exploitation interest to date. No vendor advisory or firmware update addressing the flaw is referenced in the available disclosures.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22831
Vulnerability details
A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The…
more
attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in publicly exposed router web interface (/boafrm/formFilter HTTP handler) directly enables remote exploitation for code execution or full compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates HTTP POST parameters such as ip6addr, url, vpnPassword, and vpnUser to prevent buffer overflows from malformed inputs in the /boafrm/formFilter handler.
Implements memory protections like stack canaries, ASLR, and non-executable memory to mitigate remote exploitation of the buffer overflow vulnerability.
Ensures timely remediation by applying firmware patches or updates to address the specific buffer overflow in the TOTOLINK X15 HTTP POST Request Handler.