CVE-2025-10547CRITICAL 9.8EPSS p42.2%
CVE-2025-10547CVE-2025-10547
Description
An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.
Scoring
| CVSS 3.1 | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 0.56% probability of exploitation · percentile 42.2% · 2026-06-21T12:00:28Z |
| Published | 2025-10-03 |
| Last modified | 2026-04-15 |
References
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.