CVE-2025-52907NVD

Vulnerability Summary

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

Severity Level

HIGH(7.3)

Published Date

Sep 24, 2025

Last Modified

Sep 26, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-20: Improper Input Validation ↗

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

External References

https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0003/PANW-2025-0003.md
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html

Critical Alert

CVE Watchtower

CVE-2025-52907NVD

Vulnerability Summary

External References