CVE-2025-6541

high-risk
Published 2025-10-21

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Er706W Firmware
Er706W Firmware
Er706W-4G Firmware
Er706W-4G Firmware
Er7212Pc Firmware
Er7212Pc Firmware
G36 Firmware
G36 Firmware
G611 Firmware
G611 Firmware
Fr365 Firmware
Fr365 Firmware
Fr205 Firmware
Fr205 Firmware
Fr307-M2 Firmware
Fr307-M2 Firmware
Er8411 Firmware
Er8411 Firmware
Er7412-M2 Firmware
Er7412-M2 Firmware

Affected Vendors

Tp-Link

References (4)

Vendor Advisory https://support.omadanetworks.com/en/document/108455/
Product https://www.omadanetworks.com/us/business-networking/all-omada-router/
Product https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-rout...
Product https://www.tp-link.com/us/business-networking/soho-festa-gateway/
51
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 0/34 · Minimal
Exposure 21/34 · High