
CVE-2025-7912: Buffer Overflow in TOTOLINK T6

Severity: High
Published: Sun Jul 20 2025 (07/20/2025, 23:02:08 UTC)
Source: CVE Database V5
Vendor/Project: TOTOLINK
Product: T6

Description

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/28/2025, 00:59:02 UTC

Technical Analysis

CVE-2025-7912 is a buffer overflow in the TOTOLINK T6 router, firmware version 4.1.5cu.748_B20211015. The flaw sits in the MQTT Service component, in the function recvSlaveUpgstatus, which copies the argument s into a fixed-size buffer without checking its length, so an over-long value overwrites whatever memory lies beyond that buffer. Depending on what is overwritten, the result is a crash of the service (denial of service) or, with a crafted payload, arbitrary code execution on the device. The attack can be initiated remotely over the MQTT service and needs no user interaction. The CVSS 4.0 base score is 8.7 (High). The vector string is not reproduced on this page; note that in CVSS 4.0 a network-reachable, low-complexity flaw with high confidentiality, integrity and availability impact scores 9.3 when no privileges are required and 8.7 when low privileges are required, so an 8.7 usually indicates the scorer assumed some level of access, and the unauthenticated reading should be checked against the published vector before it is relied on. VulDB's description classifies the issue as critical and states that an exploit has been disclosed to the public; no in-the-wild exploitation was known at the time of analysis, but public exploit details shorten the time to weaponisation considerably. MQTT is a lightweight publish/subscribe protocol widely used in IoT and networking gear, and a memory-corruption bug in the service that consumes those messages gives an attacker a path to code execution on the router itself, and from there to its configuration and the traffic it forwards. No vendor patch was available at the time of disclosure, which leaves affected users dependent on workarounds.

Potential Impact

For European organizations that run TOTOLINK T6 routers at the network edge, the impact can be significant. Successful exploitation gives the attacker code execution on the router, and with it the ability to intercept or alter traffic passing through it, change the device's configuration, cut connectivity, and pivot into the internal network behind it. Confidentiality, integrity and availability are all affected: exposure of data in transit, tampering with forwarded traffic, and disruption of business operations. Small and medium enterprises and home-office environments are the most exposed, since they rarely monitor such devices or manage their firmware. Public-sector and critical-infrastructure sites that use these routers face the additional risk of targeted intrusion or espionage. Because the attack is remote and needs no user interaction, mass scanning for reachable MQTT services followed by automated exploitation is the likely pattern once a working exploit circulates.

Mitigation Recommendations

Start by inventorying every TOTOLINK T6 and recording its firmware version; only 4.1.5cu.748_B20211015 is named as affected, but devices on other builds should be tracked until the vendor states which versions carry a fix. With no patch available, the workable interim controls are: disable the MQTT service if the device's configuration allows it; otherwise block the port the service listens on at the WAN side and restrict it, together with the management interfaces, to trusted internal networks (MQTT's default ports are TCP 1883 and 8883 for TLS, but this page does not state which port the T6 uses, so confirm with a port scan from an adjacent host). Segment vulnerable routers away from critical systems so that a compromised device cannot reach them directly. For detection, write IDS/IPS rules for MQTT PUBLISH messages to the device whose payload is abnormally long for a status field, and watch for the symptoms of failed exploitation attempts: repeated crashes or restarts of the MQTT service and unexplained reboots. Track TOTOLINK's support channels for a firmware release and apply it promptly once it appears. Longer term, consider replacing the device with a model from a vendor with a better record of timely security updates, and reinforce staff awareness of IoT and edge-device hygiene.
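The handler shape described under Technical Analysis, and the payload-length check the Mitigation Recommendations ask a monitor to apply, as one added example. This is not TOTOLINK's code and not the real recvSlaveUpgstatus: the firmware is not on this page, so the handler bodies, the 32-byte buffer size, the topic name slave/upgstatus and the test payloads are assumptions constructed for illustration. The vulnerable handler copies a network-supplied payload into a fixed buffer without comparing lengths; the hardened one rejects anything that will not fit; the PUBLISH parser exposes the payload length that an IDS rule or log monitor can compare against the field size. The stack frame is simulated as a single byte array so that the overwrite of the value next to the buffer is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_MAX 32               /* assumed size of the status buffer */
#define FRAME_SIZE (STATUS_MAX + 4) /* buffer plus one adjacent 4-byte value */

/* Minimal MQTT 3.1.1 PUBLISH (QoS 0) parser: sets *payload and returns its
 * length, or -1 for a malformed packet. A monitor applies the same parse and
 * alerts when the returned length is >= STATUS_MAX. */
static int mqtt_publish_payload(const uint8_t *pkt, size_t len, const uint8_t **payload)
{
    size_t pos = 1, rem = 0, mult = 1, tlen;
    if (len < 2 || (pkt[0] & 0xF0) != 0x30) return -1;
    for (int i = 0; ; i++) {                /* varint "remaining length", max 4 bytes */
        if (pos >= len || i == 4) return -1;
        uint8_t b = pkt[pos++];
        rem += (size_t)(b & 0x7F) * mult;
        mult *= 128;
        if (!(b & 0x80)) break;
    }
    if (rem != len - pos || rem < 2) return -1;
    tlen = ((size_t)pkt[pos] << 8) | pkt[pos + 1];
    if (tlen > rem - 2) return -1;
    pos += 2 + tlen;                        /* skip topic; no packet id at QoS 0 */
    *payload = pkt + pos;
    return (int)(len - pos);
}

/* Simulated stack frame: the status buffer followed by a 4-byte value that
 * stands in for what the real stack holds above it (saved registers, return
 * address). One byte array, so the overwrite is observable without UB. */
struct frame { uint8_t bytes[FRAME_SIZE]; };

static void frame_init(struct frame *f)
{
    uint32_t guard = 0xDEADBEEF;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + STATUS_MAX, &guard, sizeof guard);
}

/* Vulnerable shape (hypothetical): the network-supplied length is never
 * compared with STATUS_MAX. The clamp only keeps the simulation in its array. */
static int recv_slave_upgstatus_vuln(struct frame *f, const uint8_t *s, size_t n)
{
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(f->bytes, s, n);
    return 0;
}

/* Hardened shape: reject anything that will not fit with its terminator. */
static int recv_slave_upgstatus_fixed(struct frame *f, const uint8_t *s, size_t n)
{
    if (n >= STATUS_MAX) return -1;
    memcpy(f->bytes, s, n);
    f->bytes[n] = '\0';
    return 0;
}

/* Constructed PUBLISH (single-byte remaining length); returns bytes written. */
static size_t build_publish(const char *topic, const uint8_t *payload, size_t plen,
                            uint8_t *out, size_t cap)
{
    size_t tlen = strlen(topic), rem = 2 + tlen + plen;
    if (rem > 127 || cap < rem + 2) return 0;
    out[0] = 0x30; out[1] = (uint8_t)rem;
    out[2] = (uint8_t)(tlen >> 8); out[3] = (uint8_t)tlen;
    memcpy(out + 4, topic, tlen);
    memcpy(out + 4 + tlen, payload, plen);
    return rem + 2;
}

/* Sends n 'A' bytes (constructed input) through parser and handler. Returns the
 * handler's rc; *guard gets the adjacent value; *flag the monitor verdict.
 * The topic name is an assumption, not taken from the advisory. */
static int run(size_t n, int use_fixed, uint32_t *guard, int *flag)
{
    uint8_t payload[64], pkt[128];
    const uint8_t *p;
    struct frame f;
    if (n > sizeof payload) return -2;
    memset(payload, 'A', n);
    size_t len = build_publish("slave/upgstatus", payload, n, pkt, sizeof pkt);
    int got = mqtt_publish_payload(pkt, len, &p);
    if (got < 0) return -2;
    *flag = got >= STATUS_MAX;
    frame_init(&f);
    int rc = use_fixed ? recv_slave_upgstatus_fixed(&f, p, (size_t)got)
                       : recv_slave_upgstatus_vuln(&f, p, (size_t)got);
    memcpy(guard, f.bytes + STATUS_MAX, sizeof *guard);
    return rc;
}

static uint32_t guard_after(size_t n, int fixed) { uint32_t g = 0; int fl; run(n, fixed, &g, &fl); return g; }
static int rc_after(size_t n, int fixed) { uint32_t g; int fl; return run(n, fixed, &g, &fl); }
static int flagged(size_t n) { uint32_t g; int fl = 0; run(n, 0, &g, &fl); return fl; }

int main(void)
{
    printf("10 bytes: vuln guard %08x fixed rc %d flag %d\n", (unsigned)guard_after(10, 0), rc_after(10, 1), flagged(10));
    printf("40 bytes: vuln guard %08x fixed rc %d flag %d\n", (unsigned)guard_after(40, 0), rc_after(40, 1), flagged(40));
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c -o example`. A 10-byte status leaves the adjacent value at DEADBEEF under both handlers; a 40-byte status turns it into 41414141 under the vulnerable handler, is refused with rc -1 by the hardened one, and is flagged by the monitor check. In real firmware the bytes past the buffer are saved registers or a return address rather than a sentinel, which is why the same copy becomes code execution rather than a curiosity.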


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-19T19:15:29.657Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687d78b6a83201eaac052fcc

Added to database: 7/20/2025, 11:16:06 PM

Last enriched: 7/28/2025, 12:59:02 AM

Last updated: 8/30/2025, 8:11:42 PM

