CVE-2025-7375 MEDIUM

CVE-2025-7375: Unauthenticated Denial-of-Service Vulnerability in Omada EAP610

Vendor Tp-Link Systems Inc.

Product EAP610 v3

Weakness CWE-20 · Input validation

Published March 5, 2026

Last update March 6, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.

Key dates

02Disclosure timeline

March 5, 2026 CVE published

March 6, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7375 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2023-42508 JFrog Artifactory Improper header input validation leads to email manipulation sent from the platform CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms CVE-2020-3257 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities CVE-2025-32071 Wikibase CommonsInlineImageFormatter: i18n XSS CVE-2019-1891 Cisco Small Business Series Switches HTTP Denial of Service Vulnerability