CVE-2025-10547

high

Description

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

References

References
More

https://www.securityweek.com/unauthenticated-rce-flaw-patched-in-draytek-routers/

https://kb.cert.org/vuls/id/294418

https://www.bleepingcomputer.com/news/security/draytek-warns-of-remote-code-execution-bug-in-vigor-routers/

https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/

https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities

Details

Source: Mitre, NVD

Published: 2025-10-03

Updated: 2025-10-06

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability Being Monitored

Detections

Analytics