Stack Overflow Vulnerability in TOTOLink A7000R Router
CVE-2025-63154

7.5HIGH

Key Information:

Vendor: TOTOLink
Status: A7000R
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-63154?

The TOTOLink A7000R router has been found to have a stack overflow vulnerability in the urldecode function, specifically within the addEffect parameter. Attackers can exploit this flaw by sending a specially crafted POST request, potentially leading to Denial of Service (DoS) conditions. Users of the affected version should prioritize applying necessary security updates to mitigate any risks associated with this vulnerability.

References

https://github.com/0-fool/VulnbyCola/blob/main/TOTOLINK/A...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Oct 27, 2025

JSON