OS Command Injection Vulnerability in TOTOLINK X6000R
CVE-2025-11005

9.3CRITICAL

Key Information:

Vendor: Totolink
Status: X6000r
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-11005?

The vulnerability arises from the improper neutralization of special elements in OS commands, allowing attackers to exploit the TOTOLINK X6000R router. This could result in unauthorized access to the system, enabling the execution of arbitrary commands. Users are advised to update their devices to the latest firmware to mitigate potential risks associated with this vulnerability.

Affected Version(s)

X6000R 0

References

https://www.totolink.net/home/menu/detail/menu_listtpl/do...

https://github.com/PaloAltoNetworks/u42-vulnerability-dis...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 25, 2025

JSON

Totolink

What is CVE-2025-11005?

Affected Version(s)

References

CVSS V4

Timeline