CVE-2025-7525
Published 2025-07-13
CVE-2025-7525: A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of…
Priority: P2 · 72 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.11% (86.2th percentile)
A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | t6 | — | — |
| totolink | t6_firmware | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
GHSA
GHSA-9h9m-2xjq-cm6v: A vulnerability was found in TOTOLINK T6 4
ghsa_unreviewed·2025-07-13
CVE-2025-7525 [MEDIUM] CWE-74 GHSA-9h9m-2xjq-cm6v: A vulnerability was found in TOTOLINK T6 4
OSV
Tomcat vulnerability
osv·2025-05-26·CVSS 9.8
CVE-2025-24813 Tomcat vulnerability
USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for
tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10.
These versions include only the tomcat library (libtomcat9-java)
and not the full tomcat server stack.
Original advisory details:
It was discovered that Apache Tomcat incorrectly implemented partial
PUT functionality by replacing path separators with dots in temporary
files. A remote attacker could possibly use this issue to access
sensitive files, inject malicious content, or execute remote code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/ElvisBlue/Public/blob/main/Vuln/3.md
https://github.com/ElvisBlue/Public/blob/main/Vuln/3.md#poc
https://vuldb.com/?ctiid.316222
https://vuldb.com/?id.316222
https://vuldb.com/?submit.612936
https://www.totolink.net/
https://youtu.be/GawLaYfTwYs