anonhaven
Ad

CVE-2025-25528

MEDIUM CVSS 3.1: 5.1 EPSS 3.30%
Updated Oct 07, 2025
Wavlink
Parameter Value
CVSS 5.1 (MEDIUM)
Type CWE-120 (Buffer Copy without Checking Size)
Vendor Wavlink
Public PoC No

Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands without any authorization verification.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-120 Buffer Copy without Checking Size

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Wavlink Wl-Wn575a3_Firmware
cpe:2.3:o:wavlink:wl-wn575a3_firmware:rpt75a3.v4300:*:*:*:*:*:*:*
Wavlink Wl-Wn575a3
cpe:2.3:h:wavlink:wl-wn575a3:-:*:*:*:*:*:*:*

References 1

https://gist.github.com/XiaoCurry/87f3a4412c46fa9c27d2f723136920b8
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5004

Wavlink

7.4

CVE-2026-2615

Wavlink

7.3

CVE-2024-39803

Wavlink

7.2

CVE-2024-39802

Wavlink

7.2

CVE-2024-39801

Wavlink

7.2