CVE-2025-15545

EUVD-2025-206536
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Common Weakness Enumeration
References
https://nico-security.com/posts/cve-2025-15545
https://www.tp-link.com/en/support/download/re605x/v3/#Firmware
https://www.tp-link.com/us/support/download/re605x/v3/#Firmware
https://www.tp-link.com/us/support/faq/4929/