CVE-2025-7952

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Published: Jul 22, 2025
Updated: Jul 24, 2025
CVE: CVE-2025-7952
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
totolink / t6_firmware	4.1.5cu.748_b20211015	4.1.5cu.748_b20211015.x

https://github.com/ElvisBlue/Public/blob/main/Vuln/7.md
https://github.com/ElvisBlue/Public/blob/main/Vuln/7.md#poc
https://vuldb.com/?ctiid.317098
https://vuldb.com/?id.317098
https://vuldb.com/?submit.619319
https://www.totolink.net/

Vulnerability Database

CVE-2025-7952

Deep Security Visibility Without the Complexity