Cyber Resilience

CVE-2025-8244

HighPublic PoCRCE

Published: 27 July 2025

Published
27 July 2025
Modified
29 July 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0225 85.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8244 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink X15 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A vulnerability classified as critical exists in the TOTOLINK X15 router running firmware version 1.0.0-B20230714.1105. It resides in an unknown function within the file /boafrm/formMapDelDevice of the HTTP POST Request Handler component. Manipulation of the macstr argument triggers a buffer overflow condition, as indicated by the associated CWEs for improper restriction of operations within bounds of a memory buffer and command injection risks.

Remote attackers can exploit the flaw without user interaction or high attack complexity, requiring only low privileges. Successful exploitation grants full control over confidentiality, integrity, and availability on the affected device, with a publicly disclosed proof-of-concept available that enables remote code execution or denial of service.

The current EPSS score of 0.0225, with a peak of 0.0227, reflects limited observed exploitation interest following disclosure. No vendor patch or mitigation guidance is detailed in the provided references, though the manufacturer site and vulnerability databases list the issue for tracking.

EU & UK References

Vulnerability details

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow.…

more

It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote buffer overflow (CWE-120) in router web interface (/boafrm/formMapDelDevice) via 'macstr' enables unauthenticated exploitation of public-facing application (T1190), remote services (T1210), command injection into Unix shell (T1059.004 per advisories), and DoS via application exploitation (T1499.004).

CVEs Like This One

CVE-2025-8246Same product: Totolink X15
CVE-2025-8245Same product: Totolink X15
CVE-2025-8242Same product: Totolink X15
CVE-2025-8243Same product: Totolink X15
CVE-2025-8140Same vendor: Totolink
CVE-2025-8138Same vendor: Totolink
CVE-2025-8170Same vendor: Totolink
CVE-2025-11444Same vendor: Totolink
CVE-2025-8136Same vendor: Totolink
CVE-2025-8137Same vendor: Totolink

Affected Assets

totolink
x15 firmware
1.0.0-b20230714.1105

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Information Input Validation directly prevents buffer overflows by enforcing bounds checking and validation on the macstr POST parameter before processing.

prevent

Memory Protection implements safeguards like DEP and ASLR to minimize the impact of buffer overflow exploits attempting arbitrary code execution.

preventrecover

Flaw Remediation requires timely patching of the specific buffer overflow in the HTTP POST handler to eliminate the vulnerability.

References