CVE-2025-10325 is a command injection vulnerability found in the Wavlink WL-WN578W2 wireless router, specifically in firmware version 221110. The vulnerability resides in the /cgi-bin/login.cgi script, within the functions sub_401340 and sub_401BA4. The issue arises from improper sanitization of the 'ipaddr' argument, which can be manipulated by an attacker to inject arbitrary OS commands. This flaw allows remote attackers to execute commands on the device without requiring authentication or user interaction, as the attack vector is network accessible (AV:N) and has low complexity (AC:L). The CVSS v4.0 base score is 5.3 (medium severity), reflecting limited impact on confidentiality, integrity, and availability, and the absence of privilege escalation or user interaction requirements. Although the vendor was notified early, no response or patch has been provided, and a public exploit is available, increasing the risk of exploitation. The vulnerability could be leveraged to gain control over the affected router, potentially enabling attackers to intercept network traffic, pivot to internal networks, or disrupt network availability. However, no known exploits in the wild have been reported to date.

For European organizations, this vulnerability poses a moderate risk, especially for those using the Wavlink WL-WN578W2 router model in their network infrastructure. Successful exploitation could lead to unauthorized command execution on the router, compromising network perimeter security. This may result in interception or manipulation of sensitive data, unauthorized network access, or denial of service conditions. Small and medium enterprises or branch offices that deploy this consumer-grade or SMB-grade router without additional security controls are particularly vulnerable. The lack of vendor response and patch availability increases the window of exposure. Given the remote attack vector and no authentication requirement, attackers can exploit this vulnerability from anywhere, potentially targeting European networks. However, the medium CVSS score suggests the impact is somewhat limited, possibly due to constrained command execution capabilities or partial mitigations inherent in the device. Still, the threat could be leveraged as a foothold in broader attack campaigns against European organizations, especially those with weak network segmentation or outdated device inventories.

Organizations should immediately identify any deployments of the Wavlink WL-WN578W2 router with firmware version 221110. Since no official patch is available, mitigation should focus on network-level controls: restrict remote access to the router's management interface by implementing firewall rules that limit access to trusted IP addresses or internal networks only. Disable remote management features if not required. Monitor network traffic for unusual patterns indicative of command injection attempts targeting the /cgi-bin/login.cgi endpoint. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics for command injection attacks. Consider replacing affected devices with models from vendors that provide timely security updates. Additionally, segment critical network assets behind more secure firewalls and avoid exposing vulnerable devices directly to the internet. Maintain an up-to-date asset inventory and enforce strict configuration management to prevent unauthorized firmware versions. Finally, engage with Wavlink or authorized distributors to request security updates or advisories.