What is CVE-2025-11005?

CVE-2025-11005 is a vulnerability in Totolink X6000r, classified under OS Command Injection. Published 2025-09-25.

Is CVE-2025-11005 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Totolink X6000r

CVE-2025-11005

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.009 (76.0th percentile) — read the EPSS interpretation.

Affected products

Totolink X6000r — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds
neighborhood-H/1-DAY_

References

www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html
github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2…

Frequently asked questions

What is CVE-2025-11005?: CVE-2025-11005 is a vulnerability in Totolink X6000r, classified under OS Command Injection. Published 2025-09-25.
Is CVE-2025-11005 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.