CVE-2025-7851

high-risk
Published 2025-10-21

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Fr307-M2 Firmware
Fr307-M2 Firmware
Fr205 Firmware
Fr205 Firmware
Fr365 Firmware
Fr365 Firmware
G611 Firmware
G611 Firmware
G36 Firmware
G36 Firmware
Er7212Pc Firmware
Er7212Pc Firmware
Er706W-4G Firmware
Er706W-4G Firmware
Er706W Firmware
Er706W Firmware
Er605 Firmware
Er605 Firmware
Er7206 Firmware
Er7206 Firmware

Affected Vendors

Tp-Link

References (5)

Vendor Advisory https://support.omadanetworks.com/en/document/108456/
https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-ro...
Product https://www.omadanetworks.com/us/business-networking/all-omada-router/
Product https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-rout...
Product https://www.tp-link.com/us/business-networking/soho-festa-gateway/
53
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 0/34 · Minimal
Exposure 21/34 · High