CVE-2025-52906NVD

Vulnerability Summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

Severity Level

CRITICAL(9.3)

Published Date

Sep 24, 2025

Last Modified

Sep 26, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

External References

https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0002/PANW-2025-0002.md
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html

Critical Alert

CVE Watchtower

CVE-2025-52906NVD

Vulnerability Summary

External References