Home / Vulnerability Intelligence / CVE-2025-67445

CVE-2025-67445 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: February 25, 2026

TOTOLINK X5000R - Denial of Service

Published: February 24, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable

Overview

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability caused by insufficient bounds checking of CONTENT_LENGTH in /cgi-bin/cstecgi.cgi, letting attackers crash the management CGI and disrupt web interface availability, exploit requires sending a crafted large POST request when lighttpd request size limit is not enforced.

Severity & Score

Severity: High

CVSS Score: 7.5

EPSS Score: 8.8%(Probability of exploitation in next 30 days)

Impact

Attackers can crash the management CGI causing denial of service and loss of web interface availability.

Mitigation

Update to the latest version with enforced request size limits or patches addressing this issue.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🟠 CVE-2025-67445 - High (7.5) TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds chec... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67445/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

https://github.com/DaRkSpOoOk/CVE-2025-67445

Related Resources

Details

CVE ID: CVE-2025-67445
Severity: High
CVSS Score: 7.5
Type: denial_of_service
Status: confirmed
EPSS: 8.8%
Social Posts: 1

CWE

CWE-400

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

8.8%Probability of exploitation in the next 30 days