CVE-2025-6563 Information

Jul 04, 2025 cve

Description

A cross-site scripting vulnerability is present in the hotspot of MikroTik’s RouterOS on versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in the XSS executes. The POST request used to login can also be converted to a GET request allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker’s account) and triggers the payload.

Reference

https://www.toreon.com/how-a-ski-trip-led-to-a-cve-in-a-wi-fi-hotspot/ https://www.toreon.com/how-a-ski-trip-led-to-a-cve-in-a-wi-fi-hotspot/

CNNVD-202507-283 (Published: 2025-07-03)

Share on:

CVE-2025-6563 Information

Description

Reference

Related CNNVD