CVE-2025-44655 · CRITICAL 9.8 · EPSS p24.3%

Description

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% probability of exploitation · percentile 24.3% · 2026-06-18T12:00:27Z
Published: 2025-07-21
Last modified: 2025-08-07

Underlying weaknesses · 1

CWE-266

References

  1. http://totolink.com
  2. https://gist.github.com/TPCchecker/d7306649f51ca25e22dd6532546a58f3

Type | Target | Confidence | Tier
Weakness | Incorrect Privilege Assignment (cwe-266) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-44654
  2. CVE-2026-11554
  3. CVE-2026-11494
  4. CVE-2026-11620
  5. CVE-2026-5850
  6. CVE-2026-6025

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.