CVE-2025-7851 - Vulnerability Details - OpenCVE

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.omadanetworks.com/en/document/108456/
https://www.omadanetworks.com/us/business-networking/all-omada-router/
https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/
https://www.tp-link.com/us/business-networking/soho-festa-gateway/

History

Tue, 21 Oct 2025 00:45:00 +0000

Type	Values Removed	Values Added
Description		An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Title		Unauthorized root access via debug functionality
References		https://support.omadanetworks.com/en/document/108456/ https://www.omadanetworks.com/us/business-networking/all-omada-router/ https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ https://www.tp-link.com/us/business-networking/soho-festa-gateway/
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2025-10-21T00:29:05.809Z

Updated: 2025-10-21T00:29:05.809Z

Reserved: 2025-07-18T21:49:12.159Z

Link: CVE-2025-7851

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-21T01:15:37.330

Modified: 2025-10-21T01:15:37.330

Link: CVE-2025-7851

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7851", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-07-18T21:49:12.159Z", "datePublished": "2025-10-21T00:29:05.809Z", "dateUpdated": "2025-10-21T00:29:05.809Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Omada gateways", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "ER8411 1.3.3, ER7412-M2 1.1.0, ER707-M2 1.3.1, ER7206 2.2.2, ER605 2.3.1, ER706W 1.2.1, ER706W-4G 1.2.1, ER7212PC 2.1.3", "status": "affected", "version": "0", "versionType": "Firmware"}]}, {"defaultStatus": "unaffected", "product": "Festa gateways", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "FR365 1.1.10, FR205 1.0.3, FR307 1.2.5", "status": "affected", "version": "0", "versionType": "Firmware"}]}, {"defaultStatus": "unaffected", "product": "Omada Pro gateways", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "G36 1.1.4, G611 1.2.2", "status": "affected", "version": "0", "versionType": "Firmware"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.</div></div>"}], "value": "An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-10-21T00:29:05.809Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://support.omadanetworks.com/en/document/108456/"}, {"tags": ["product"], "url": "https://www.omadanetworks.com/us/business-networking/all-omada-router/"}, {"tags": ["product"], "url": "https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/"}, {"tags": ["product"], "url": "https://www.tp-link.com/us/business-networking/soho-festa-gateway/"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthorized root access via debug functionality", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways."}], "id": "CVE-2025-7851", "lastModified": "2025-10-21T01:15:37.330", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2025-10-21T01:15:37.330", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://support.omadanetworks.com/en/document/108456/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.omadanetworks.com/us/business-networking/all-omada-router/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/business-networking/soho-festa-gateway/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Received"}