CVE-2025-7912
Published 2025-07-20
CVE-2025-7912: A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of…
Priority: P2 62 high | 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.98% (57.8th percentile)
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 2.1.3-4ubuntu0.11+esm12 | 2.1.3-4ubuntu0.11+esm12 |
| apple | cups | >= 0 < 2.2.7-1ubuntu2.10+esm10 | 2.2.7-1ubuntu2.10+esm10 |
| apple | cups | >= 0 < 2.3.1-9ubuntu1.9+esm4 | 2.3.1-9ubuntu1.9+esm4 |
| totolink | t6 | — | — |
| totolink | t6_firmware | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.4 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 5.5 | MEDIUM | — |
OSV
cups vulnerability
osv·2025-12-04·CVSS 5.5
CVE-2025-58436 cups vulnerability
USN-7912-1 fixed vulnerabilities in CUPS. This update provides the
corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.
Original advisory details:
Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled
clients that send messages slowly. A remote attacker could possibly use
this issue to cause CUPS to stop responding, resulting in a denial of
service. (CVE-2025-58436)
In addition, this update fixes a regression introduced in USN-7897-1 which
resulted in certain invalid configuration file directives to cause the
CUPS daemon to fail to start.
GHSA
GHSA-pfrw-775r-c344: A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4
ghsa_unreviewed·2025-07-21
CVE-2025-7912 [HIGH] CWE-119 GHSA-pfrw-775r-c344: A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-20
Published