CVE-2025-6541 HIGH

CVE-2025-6541: OS command injection using information obtained from the web management interface

Vendor Tp-Link Systems Inc.
Product Omada gateways
Weakness CWE-78
Published October 21, 2025
Last update October 21, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Key dates

02Disclosure timeline

October 21, 2025 CVE published
October 21, 2025 Record updated