CVE-2025-7851 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
TPLink	CNA	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Vulnerability Media Exposure

[ENGLISH] TP-Link warns of critical command injection flaw in Omada gateways
TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. [...]
Published: 2025-10-21T17:11:35-04:00

References

https://support.omadanetworks.com/en/document/108456/

https://www.omadanetworks.com/us/business-networking/all-omada-router/

https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/

https://www.tp-link.com/us/business-networking/soho-festa-gateway/