CVE-2025-7851 HIGH

CVE-2025-7851: Unauthorized root access via debug functionality

Vendor Tp-Link Systems Inc.
Product Omada gateways
Published October 21, 2025
Last update October 24, 2025

CVSS base score

8.7/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

What the vulnerability does

01Description

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

Key dates

02Disclosure timeline

October 21, 2025 CVE published
October 24, 2025 Record updated