Remote Code Execution Vulnerability in MikroTik RouterOS and SwitchOS

CVE-2025-61481

What is CVE-2025-61481?

CVE-2025-61481 is a critical vulnerability found in MikroTik RouterOS version 7.14.2 and SwitchOS version 2.18. MikroTik is known for providing versatile routing and switching software solutions for network devices, catering primarily to internet service providers and enterprise networks. This vulnerability permits remote attackers to execute arbitrary code via the HTTP-only WebFig management interface, which can have dire implications for organizations relying on these systems for network management and operations. An attacker exploiting this vulnerability could gain unauthorized access to network configurations, potentially leading to severe disruptions, unauthorized data access, and a compromise of the integrity and confidentiality of network communications.

Potential impact of CVE-2025-61481

1. Remote Code Execution: The vulnerability allows for arbitrary code execution, enabling attackers to take full control of affected devices. This can lead to unauthorized modifications of configurations, making networks susceptible to further attacks.

2. Network Disruption: Exploiting this vulnerability could result in significant disruptions to network services, impacting business operations. An attacker could manipulate traffic, redirect users, or even cause outages.

3. Data Breach Risk: With control over the network devices, an attacker can access sensitive data traversing the network. This risk could lead to data theft, exposure of private information, and compliance violations for organizations.

References