CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-52906

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.03

EPSS Ranking 86.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0002/PANW-2025-0002.md
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html

Products affected by CVE-2025-52906

Totolink » X6000r » Version: N/A

cpe:2.3:h:totolink:x6000r:-
Totolink » X6000r Firmware » Version: 9.4.0cu.1041_b20240224

cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1041_b20240224
Totolink » X6000r Firmware » Version: 9.4.0cu.652_b20230116

cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116
Totolink » X6000r Firmware » Version: 9.4.0cu.852_b20230719

cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-52906

Products

Pricing

Contact Us