
CVE-2025-25901: High Vulnerability in TP-Link TL-WR841ND Firmware

A high-severity buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11. This issue can lead to a Denial of Service (DoS) if exploited. Immediate patching is recommended.

HIGH · CVSS 7.5 · Published February 13, 2025


A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. Given the potential impact, organizations should prioritize patching immediately.

The CVSS score of 7.5 indicates a high-severity risk, which can lead to significant service disruption. Organizations utilizing affected TP-Link devices need to assess their exposure and implement necessary mitigations.

Vulnerability Details

The vulnerability is classified under CWE-787 (Out-of-bounds Write), indicating a buffer overflow. The primary attack vector is through network exploitation with low complexity and no required privileges or user interaction. The vulnerability was officially published on February 13, 2025.

Technical Analysis

This vulnerability arises from inadequate input validation of parameters dnsserver1 and dnsserver2, which can lead to buffer overflow conditions. The attack complexity is low, meaning that an attacker can exploit this without sophisticated techniques. No special privileges are needed, and user interaction is not required. The impact on availability is high, as successful exploitation can lead to service disruption.

Risk & Impact Analysis

Risk to organizations includes potential service disruptions, which can impact operations significantly. Given the high CVSS score, this vulnerability should be addressed urgently as part of the patch management process. Organizations must evaluate their current security posture and prioritize updates for affected systems.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

The affected product is the TP-Link TL-WR841ND firmware. All versions prior to the vendor patch are vulnerable.

Mitigation & Remediation

Organizations should check for available firmware updates from TP-Link for the TL-WR841ND and apply the patches immediately. For those unable to update, consider implementing network segmentation to limit exposure. Further, ensure that unnecessary services are disabled and monitor for unusual traffic patterns.

Detection Guidance

Monitor logs for unusual activity, particularly around the dnsserver1 and dnsserver2 parameters. Look for any abnormal packet sizes that could indicate attempts to exploit this vulnerability.
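
One way to apply this guidance, as an added example (not AppSecure's or TP-Link's code): a Python check that scans web or proxy access logs for requests to /userRpm/WanSlaacCfgRpm.htm and flags dnsserver1 or dnsserver2 values that are overlong or not an IP address. The log format, the 45-character limit, the expectation that these fields hold IP addresses, and the sample log lines are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/userRpm/WanSlaacCfgRpm.htm"  # endpoint named in the advisory
WATCHED = ("dnsserver1", "dnsserver2")        # parameters named in the advisory
MAX_ADDR_LEN = 45  # assumption: longest textual form of an IPv6 address

# Assumption: Common Log Format lines from a proxy or sensor in front of the router.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return (source, parameter, reason) findings for one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("uri"))
    if not parts.path.endswith(TARGET_PATH):  # tolerate a path prefix
        return []
    findings = []
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in WATCHED:
        for value in params.get(name, []):
            if len(value) > MAX_ADDR_LEN:
                findings.append((m.group("src"), name, f"length {len(value)}"))
            elif value:
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    findings.append((m.group("src"), name, "not an IP address"))
    return findings

def scan(lines):
    """Run check_line over an iterable of log lines and collect all findings."""
    return [f for line in lines for f in check_line(line)]

# Constructed sample log lines (documentation address ranges, not real traffic).
PAGE = "GET /userRpm/WanSlaacCfgRpm.htm"
SAMPLE_LOG = [
    f'192.0.2.10 - - [13/Feb/2025:10:00:01 +0000] "{PAGE}?dnsserver1=2001:db8::53&dnsserver2=2001:db8::54 HTTP/1.1" 200 512',
    f'192.0.2.77 - - [13/Feb/2025:10:02:44 +0000] "{PAGE}?dnsserver1={"A" * 300}&dnsserver2=2001:db8::54 HTTP/1.1" 200 0',
    f'192.0.2.77 - - [13/Feb/2025:10:02:50 +0000] "{PAGE}?dnsserver1=2001:db8::53&dnsserver2=not-an-ip HTTP/1.1" 200 512',
    '192.0.2.10 - - [13/Feb/2025:10:03:00 +0000] "GET /other/page.htm HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for src, param, reason in scan(SAMPLE_LOG):
        print(f"ALERT src={src} param={param} reason={reason}")
```

Access logs only record query-string parameters; if the values arrive in a request body, the same checks need to run on a sensor that sees the body.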

AppSecure Threat Intelligence Insight

Lastly, staying informed about vulnerabilities and their implications is crucial for maintaining a strong security posture. Utilize resources like the AppSecure blog for ongoing updates and insights.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
