CVE-2025-25427

Published Apr 18, 2025

Last updated 2 months ago

CVSS high 8.6

Overview

Description
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-79

Social media

Hype score
Not currently trending

  1. ๐Ÿšจ CVE-2025-25427 ๐Ÿ”ด HIGH (8.6) ๐Ÿข TP-Link - TL-WR841N ๐Ÿ—๏ธ 0 ๐Ÿ”— https://t.co/JQofsJZiay #CyberCron #VulnAlert #InfoSec https://t.co/3QLpvyECtB

    @cybercronai

    18 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.