Command Injection Vulnerability in TOTOLINK X6000R Router
CVE-2025-52053 
9.8 CRITICAL
What is CVE-2025-52053?
The TOTOLINK X6000R router version V9.4.0cu.1360_B20241207 contains a command injection vulnerability due to improper handling of user input in the sub_417D74 function. An unauthenticated attacker can exploit this flaw by sending a specially crafted request with a malicious 'file_name' parameter, allowing arbitrary command execution on the device. This vulnerability poses significant risks to network security and may allow unauthorized access or control of the impacted router.
References
EPSS Score
55% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
