CVE-2025-61481

Published Oct 27, 2025

Last updated 5 months ago

CVSS critical 10.0

Overview

Description
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management component
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-200

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP WebFig. It affects RouterOS v.7.14.2 and SwitchOS v.2.18. 👇Dork: HUNTER : https://t.co/CWslYmAyts="MikroTik RouterOS"||https://t.co/CWslYmAyts="MikroTik SwOS" https

    @Anastasis_King

    6 Nov 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Vulnerabilidad en productos MikroTik ❗CVE-2025-61481 ➡️Más info: https://t.co/31C7Ylg7ag https://t.co/ANEUUywSj3

    @CERTpy

    4 Nov 2025

    118 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. آسیب پذیری CVE-2025-61481 رو دریابید

    @syntax_teror

    2 Nov 2025

    96 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  4. 🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP WebFig. It affects RouterOS v.7.14.2 and SwitchOS v.2.18. 👇Dork: HUNTER : https://t.co/G5LwnS1NbE="MikroTik RouterOS"||https://t.co/G5LwnS1NbE="MikroTik SwOS" https

    @HackingTeam777

    30 Oct 2025

    1080 Impressions

    3 Retweets

    22 Likes

    12 Bookmarks

    1 Reply

    0 Quotes

  5. ⚠️⚠️ CVE-2025-61481: Critical 10.0/10 Flaw in MikroTik RouterOS/SwOS WebFig — enables admin credential interception and potential takeover 🎯4.3m+ Results are found on the https://t.co/pb16tGXCUG nearly year. 🔗FOFA Link: https://t.co/LYDuAu0bz1 FOFA Query: https://

    @fofabot

    29 Oct 2025

    1693 Impressions

    8 Retweets

    21 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨Alert🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP WebFig. It affects RouterOS v.7.14.2 and SwitchOS v.2.18. 📊11.4M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/5Fb

    @HunterMapping

    29 Oct 2025

    10124 Impressions

    39 Retweets

    126 Likes

    74 Bookmarks

    0 Replies

    2 Quotes

  7. CVSS 10.0 MikroTik Flaw (CVE-2025-61481) Broadcasts Your Admin Password. Here's the Emergency Fix. Read the full report on - https://t.co/m3tYanRPtM https://t.co/KEcdgXmpRZ

    @cyberbivash

    29 Oct 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨Alert🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP WebFig. It affects RouterOS v.7.14.2 and SwitchOS v.2.18. 📊11.4M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/5Fb

    @HunterMapping

    29 Oct 2025

    216 Impressions

    0 Retweets

    2 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Alert🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP WebFig. It affects RouterOS v.7.14.2 and SwitchOS v.2.18. 📊11.4M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/5Fb

    @HunterMapping

    29 Oct 2025

    49 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. 🚨Alert🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP https://t.co/kaHLRwC1Vp affects RouterOS v.7.14.2 and SwitchOS v.2.18. 📊11.4M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter https://

    @HunterMapping

    29 Oct 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨🚨CVE-2025-61481 (CVSS 10.0): A critical flaw in MikroTik RouterOS/SwOS exposes the WebFig interface over unencrypted HTTP, enabling remote credential theft via MitM attacks. 🔥PoC: https://t.co/3eDOlxa3BI Search by vul.cve Filter👉vul.cve="CVE-2025-61481" ZoomEye http

    @zoomeye_team

    29 Oct 2025

    7282 Impressions

    22 Retweets

    70 Likes

    37 Bookmarks

    2 Replies

    1 Quote

  12. Great 🙄 🟥 CVE-2025-61481, CVSS: 10.0 (#Critical) MikroTik RouterOS version 7.14.2 and SwitchOS version 2.18, MikroTik. Vulnerability allows remote code execution via the HTTP-only WebFig management component. The potential impact is severe, as attackers can execute http

    @UjlakiMarci

    27 Oct 2025

    157 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    3 Replies

    1 Quote

  13. CVE-2025-61481 An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management component https://t.co/B44GSv2hlg

    @CVEnew

    27 Oct 2025

    281 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.