CVE-2025-10547

High

9.8/10

Summary

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Oct 03, 2025

CVE-2025-10547

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS