Vulnerability Description
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TP-Link | Archer RE605X Firmware | < 1.2.10 |
| TP-Link | Archer RE605X | 3.0 |
Related Weaknesses (CWE)
References
- https://nico-security.com/posts/cve-2025-15545 (Exploit, Third Party Advisory)
- https://www.tp-link.com/en/support/download/re605x/v3/#Firmware (Product)
- https://www.tp-link.com/us/support/download/re605x/v3/#Firmware
- https://www.tp-link.com/us/support/faq/4929/ (Vendor Advisory)
FAQ
What is CVE-2025-15545?
CVE-2025-15545 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowin...
How severe is CVE-2025-15545?
CVE-2025-15545 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-15545?
Check the references section above for vendor advisories and patch information. Affected products include: TP-Link Archer RE605X Firmware, TP-Link Archer RE605X.