CVE-2025-44018
HIGH EPSS 12.2%
Published Nov 24, 2025 (7mo ago) · Modified Jun 17, 2026 (1w ago)
8.3 CVSS 3.1
Description
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVSS Details
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
12.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-295
References 2
- talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230
- talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.