Stored XSS Flaw in TP-Link WR841N Routers Could Expose Admin Credentials (CVE-2025-25427)
Ddos 
A security vulnerability has been identified in TP-Link WR841N routers, posing a risk to users. The vulnerability is a stored cross-site scripting (XSS) flaw found in the “upnp.htm” page of the web interface.
The security advisory indicates that TP-Link WR841N routers, specifically versions v14/v14.6/v14.8 up to build 241230 Rel. 50788n, are affected. This vulnerability allows remote attackers to inject arbitrary JavaScript code via the port mapping description. The injected code is then executed when the “upnp” page is loaded.
The consequences of this XSS vulnerability can be severe. As the advisory states, “This XSS can be used to execute arbitrary JavaScript code and steal the admin password.“
The affected product is the TP-Link WR841N router. The vulnerable versions are v14/v14.6/v14.8, specifically those with a build version less than or equal to 241230 Rel. 50788n. The fixed version is Build 250328 Rel.49245n. This information is summarized in the following table from the advisory:
| Affected Product Model | Related Vulnerabilities | Affected Version | Fixed Version |
| TP-Link WR841N v14/v14.6/v14.8 | CVE-2025-25427 | <= Build 241230 Rel. 50788n | Build 250328 Rel.49245n |
TP-Link advises users to take the following actions:
- Update to the latest firmware immediately to close the XSS vulnerability.
Users should download the update as soon as possible:
- Change the router’s admin password after the update to prevent potential unauthorized access caused by leaked credentials.
Related Posts:
- Congress Scrutinizes TP-Link Routers Over Cybersecurity Concerns
- Old Vulnerability, New Attacks: Botnets Swarm Exploited CVE-2023-1389 in TP-Link Routers
- Researchers Uncover Massive Quad7 Botnet Targeting Microsoft 365
- CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE
- CVE-2024-57040 (CVSS 9.8): TP-Link TL-WR845N Router Vulnerability Grants Hackers Easy Access