CVE-2025-7850 CRITICAL

CVE-2025-7850: Authenticated OS command execution

Vendor Tp-Link Systems Inc.

Product Omada gateways

Weakness CWE-78

Published October 21, 2025

Last update October 24, 2025

CVSS base score

9.3/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

What the vulnerability does

01Description

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

Key dates

October 21, 2025 CVE published

October 24, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-7850

CWE CWE-78

CVSS 9.3 / CRITICAL

Vendor Tp-Link Systems Inc.

Product Omada gateways

Affected < ER8411 1.3.3, ER7412-M2 1.1.0, ER707-M2 1.3.1, ER7206 2.2.2, ER605 2.3.1, ER706W 1.2.1, ER706W-4G 1.

Vendor Tp-Link Systems Inc.

Product Festa gateways

Affected < FR365 1.1.10, FR205 1.0.3, FR307 1.2.5

Vendor Tp-Link Systems Inc.

Product Omada Pro gateways

Affected < G36 1.1.4, G611 1.2.2