Cyber Posture

CVE-2025-9303

HighPublic PoC

Published: 21 August 2025

Published
21 August 2025
Modified
06 October 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0073 72.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9303 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A720R Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of the buffer overflow flaw in the TOTOLINK A720R firmware, directly mitigating the CVE through patching.

SI-10 Information Input Validation good match
prevent

Mandates validation of the 'desc' argument in the setParentalRules function to prevent buffer overflows from malformed input.

SI-16 Memory Protection partial match
prevent

Implements memory safeguards like non-executable stacks and ASLR to mitigate remote code execution even if the buffer overflow occurs.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in public CGI endpoint (/cgi-bin/cstecgi.cgi) directly enables remote exploitation of a network device web interface for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The…

more

exploit has been released to the public and may be exploited.

Deeper analysisAI

CVE-2025-9303 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the TOTOLINK A720R router on firmware version 4.1.5cu.630_B20250509. The issue exists in the setParentalRules function of the /cgi-bin/cstecgi.cgi component, where manipulation of the "desc" argument triggers the overflow.

Attackers with low privileges can exploit this remotely over the network (AV:N) with low attack complexity (AC:L), no user interaction required (UI:N), and unchanged scope (S:U), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), for an overall CVSS v3.1 score of 8.8. Exploitation enables potential remote code execution on the affected device.

Advisories reference a public proof-of-concept and exploit available on GitHub at repositories under lin-3-start/lin-cve for TOTOLINK A720R, along with VulDB entries detailing the issue (ctiid.320908, id.320908). No specific patches or mitigation steps are outlined in the provided references. The exploit has been publicly released, increasing the risk of active exploitation.

Details

CWE(s)
CWE-119CWE-120

Affected Products

totolink
a720r firmware
4.1.5cu.630_b20250509

CVEs Like This One

CVE-2025-8242Same vendor: Totolink
CVE-2026-1155Same vendor: Totolink
CVE-2025-9780Same vendor: Totolink
CVE-2025-9783Same vendor: Totolink
CVE-2026-1328Same vendor: Totolink
CVE-2025-7460Same vendor: Totolink
CVE-2025-1852Same vendor: Totolink
CVE-2026-1143Same vendor: Totolink
CVE-2025-12239Same vendor: Totolink
CVE-2025-7758Same vendor: Totolink

References