CVE-2025-32107 HIGH

CVE-2025-32107

Vendor Tp-Link Corporation Limited
Product Deco BE65 Pro
Weakness CWE-78
Published April 11, 2025
Last update April 11, 2025

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device.

Key dates

02Disclosure timeline

April 11, 2025 CVE published
April 11, 2025 Record updated