CVE-2025-6145: Buffer Overflow in TOTOLINK EX1200T
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-6145 is a buffer overflow in the TOTOLINK EX1200T router, firmware version 4.1.2cu.5232_B20210713. The flaw sits in the HTTP POST request handler behind the /boafrm/formSysLog endpoint: the value of the 'submit-url' form argument is copied into a fixed-size buffer without an adequate length check, so an overlong value overwrites adjacent memory. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/PR:L) means the attack is network-reachable, of low complexity and needs no user interaction, but it does require low privileges (PR:L), i.e. a valid login to the router's web interface; on consumer routers that login is frequently the factory default or a reused password, so in practice the barrier is low. Memory corruption in an embedded HTTP handler typically yields a denial of service (the web server or the whole device crashes) and, with a working payload, code execution as the web server's user, which on such firmware is commonly root. The CVSS 4.0 base score is 8.7 (High), reflecting high impact on confidentiality, integrity and availability; VulDB's own classification of the issue is "critical". No exploitation in the wild has been reported, but exploit details have been disclosed publicly, so opportunistic scanning for exposed devices should be expected. The EX1200T is a consumer-grade wireless device found in home and small office networks; no vendor patch was available at the time of disclosure, which leaves affected users dependent on workarounds.
Potential Impact
For European organizations, especially SMEs and home-office users whose gateway is a TOTOLINK EX1200T, the risk is significant. An attacker who reaches the web interface with a valid login could crash the device or execute code on it, and from there gain a foothold on the internal network: intercepting or redirecting traffic, mounting man-in-the-middle attacks, altering DNS settings or planting a persistent backdoor. Because the router is the network's gateway, its compromise undermines the integrity and availability of everything behind it and can disrupt business operations. Organizations with limited security staff are the least likely to notice or contain such an intrusion. Compromised consumer routers are also routinely absorbed into botnets and used for DDoS, so the impact extends beyond the owning organization to broader network stability in the region.
Mitigation Recommendations
1. Inventory every TOTOLINK EX1200T on the network and record its firmware version; only 4.1.2cu.5232_B20210713 is listed as affected, but treat any EX1200T that cannot be confirmed as patched as exposed.
2. Apply the vendor firmware update as soon as TOTOLINK releases one for CVE-2025-6145. Until then, disable remote (WAN-side) management entirely and restrict access to the web interface on the LAN to trusted administrator addresses.
3. Because the vector requires low privileges (PR:L), make sure the web-interface login is neither the factory default nor a password reused elsewhere; a guessed or stolen login is what turns this into a remote attack.
4. Segment the network so that a compromised router cannot reach critical systems or sensitive data directly.
5. Monitor traffic for POST requests to /boafrm/formSysLog, in particular any whose submit-url value is far longer than the short redirect path a browser form would send, or contains non-printable bytes.
6. Deploy IDS/IPS signatures or heuristics for exploitation attempts against this endpoint wherever the traffic is inspectable.
7. Remind users and administrators that outdated router firmware is a common entry point and that updates must be applied promptly.
8. Where patching is not possible, replace the device with one from a vendor with a stronger security record and timely patch management.
9. Share observed exploitation attempts with ISPs and the security community.
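The copy-without-length-check shape described in the Technical Summary, beside its hardened form and the length-based check behind the network-monitoring recommendation in the mitigation list, as an added C example. This is illustrative code written for this page, not the EX1200T firmware and not anything published by TOTOLINK or VulDB: the buffer size (64), the alert threshold (128), the dummy log_type field and the request bodies are constructed assumptions, and the vulnerable handler must never be run on an overlong value.

```c
#include <stdio.h>
#include <string.h>

/* ASSUMPTION: the advisory gives neither the real buffer size nor a legitimate
 * maximum for submit-url; 64 and 128 are illustrative values. */
#define URL_BUF_SIZE   64
#define SUSPICIOUS_LEN 128

/* Find `name` in a URL-encoded body ("a=1&submit-url=/x.htm&b=2"): returns a
 * pointer to its value and stores the length in *len, or NULL if absent.
 * Percent-escapes are left as-is. */
static const char *form_param(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1, *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        if ((p = strchr(p, '&')) != NULL) p++;
    }
    return NULL;
}

/* Length of the parameter's value, or -1 if it is absent. */
long form_param_len(const char *body, const char *name)
{
    size_t len;
    return form_param(body, name, &len) ? (long)len : -1;
}

/* VULNERABLE shape of the bug the advisory describes: the value is copied into
 * a fixed stack buffer with no length check, so more than URL_BUF_SIZE - 1
 * bytes of submit-url overwrite the stack. Illustrative, not firmware code. */
int sys_log_handler_vulnerable(const char *body)
{
    char url[URL_BUF_SIZE];
    size_t vlen;
    const char *v = form_param(body, "submit-url", &vlen);
    if (!v) return -1;
    memcpy(url, v, vlen);              /* no check that vlen < sizeof url */
    url[vlen] = '\0';
    return (int)strlen(url);
}

/* Hardened handler: refuse a value that would not fit, then bound the copy. */
int sys_log_handler_hardened(const char *body)
{
    char url[URL_BUF_SIZE];
    size_t vlen;
    const char *v = form_param(body, "submit-url", &vlen);
    if (!v) return -1;
    if (vlen >= sizeof url) return -2; /* would overflow: reject the request */
    memcpy(url, v, vlen);
    url[vlen] = '\0';
    return (int)strlen(url);
}

/* Monitoring check (the advisory's network-monitoring recommendation): 1 if a
 * request looks like an attempt against /boafrm/formSysLog, else 0. */
int looks_like_exploit_attempt(const char *path, const char *body)
{
    if (strcmp(path, "/boafrm/formSysLog") != 0) return 0;
    return form_param_len(body, "submit-url") > SUSPICIOUS_LEN;
}

/* Constructed request body: submit-url of `url_len` 'A's plus one dummy field.
 * Returns 0, or -1 if it does not fit in `out`. */
int make_body(char *out, size_t outsz, size_t url_len)
{
    const char *head = "submit-url=", *tail = "&log_type=all";
    if (strlen(head) + url_len + strlen(tail) + 1 > outsz) return -1;
    strcpy(out, head);
    memset(out + strlen(head), 'A', url_len);
    strcpy(out + strlen(head) + url_len, tail);
    return 0;
}

/* Run the hardened handler (monitor == 0) or the monitor (monitor != 0) on a
 * constructed body whose submit-url is `url_len` bytes long. */
int result_for_len(size_t url_len, int monitor)
{
    static char body[1024];
    if (make_body(body, sizeof body, url_len) != 0) return -3;
    return monitor ? looks_like_exploit_attempt("/boafrm/formSysLog", body)
                   : sys_log_handler_hardened(body);
}

int main(void)
{
    printf("20-byte value:  hardened=%d monitor=%d\n",
           result_for_len(20, 0), result_for_len(20, 1));
    printf("300-byte value: hardened=%d monitor=%d\n",
           result_for_len(300, 0), result_for_len(300, 1));
    return 0;
}
```

Compile and run: the hardened handler accepts the 20-byte value and rejects the 300-byte one with -2, and only the latter trips the monitor. On a real sensor the same length test runs over the decoded POST body of every request to /boafrm/formSysLog; the vulnerable handler is included only to show the missing comparison, which is the single line that separates it from the hardened version.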
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-15T18:29:58.882Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6850a2f8a8c921274384c03f
Added to database: 6/16/2025, 11:04:24 PM
Last enriched: 6/16/2025, 11:19:36 PM
Last updated: 7/31/2025, 4:57:05 PM
Views: 12