CVE-2025-15545

high

Description

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.

References

https://www.tp-link.com/us/support/faq/4929/

https://www.tp-link.com/us/support/download/re605x/v3/#Firmware

https://www.tp-link.com/en/support/download/re605x/v3/#Firmware

https://nico-security.com/posts/cve-2025-15545

Details

Source: Mitre, NVD

Published: 2026-01-29

Updated: 2026-01-31

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 7.3

Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00016