What is CVE-2025-8181?

CVE-2025-8181 is a high-severity vulnerability in Totolink N600r, classified under CWE-272. CVSS score: 7.2/10. Published 2025-07-26.

How severe is CVE-2025-8181?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2025-8181 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Totolink N600r

CVE-2025-8181

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It i…

EPSS: 0.011 (78.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R.

Affected products

Totolink N600r — versions 1.0.0.1
Totolink X2000r — versions 1.0.0.1

Weakness classification (CWE)

Public proof-of-concept exploits

References

VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation (vdb-entry)
VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration (third-party-advisory)
Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate) (third-party-advisory)
www.notion.so/23a54a1113e780c08f3acca6a746d732 (related)
www.totolink.net/ (product)

Frequently asked questions

What is CVE-2025-8181?: CVE-2025-8181 is a high-severity vulnerability in Totolink N600r, classified under CWE-272. CVSS score: 7.2/10. Published 2025-07-26.
How severe is CVE-2025-8181?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2025-8181 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.