Vulnerability Details CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2025-15545
-
cpe:2.3:h:tp-link:archer_re605x:3.0
-
cpe:2.3:o:tp-link:archer_re605x_firmware:*