Overview
- TP-Link disclosed four vulnerabilities in Omada gateways — CVE-2025-6541, CVE-2025-6542, CVE-2025-7850 and CVE-2025-7851 — that allow arbitrary OS command execution in several scenarios.
- CVE-2025-6542 carries a CVSS 9.3 rating and can be exploited remotely without authentication, raising the risk of full device compromise.
- Firmware updates are available for 13 ER, G and FR models, with TP-Link advising immediate installation, password hardening and restricting access to management interfaces.
- Vedere Labs reports that CVE-2025-7850 and CVE-2025-7851 stem from an incomplete 2024 remediation that left debug functionality and key reuse in place, and says CVE-2025-7850 can be reached without credentials in some deployments.
- TP-Link’s advisories do not cite confirmed in-the-wild exploitation, yet the flaws could enable root shell access under restricted conditions and broad control over SMB networks if left unpatched.