TP-Link security patch release for CVE-2025-7850
Security Patch Release
Summary
Hide ▲
Show ▼
TP-Link has released firmware patches for CVE-2025-7850 and CVE-2025-7851 in Omada and Festa VPN routers, addressing flaws that could enable command injection and unauthorized root access. The issues were tied to an incomplete fix for CVE-2024-21827 that left debug code and alternate attack paths reachable. Users were urged to apply the patches immediately because the vulnerabilities can lead to root compromise in affected router deployments.
Related Happenings
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Cisco security patch release for CVE-2026-20262
Security Patch Release
H score47
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco security patch release for CVE-2026-20262
Security Patch ReleaseAbout this happening: **Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Langflow security patch release for CVE-2026-5027
Security Patch Release
H score38
First: 11.06.2026 00:23
Last: 11.06.2026 00:23
Sources 1
About this happening:
**Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Langflow security patch release for CVE-2026-5027
Security Patch ReleaseAbout this happening: **Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch Release
H score54
First: 10.06.2026 09:26
Last: 10.06.2026 09:26
Sources 1
About this happening:
**Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch ReleaseAbout this happening: **Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch Release
H score59
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch ReleaseAbout this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
Timeline
-
23.10.2025 14:30 2 articles · 8mo ago
TP-Link releases firmware patches for Omada and Festa VPN router flaws
Mitigation Patch UpdateForescout’s Vedere Labs identified two vulnerabilities in TP-Link Omada and Festa VPN routers, tracked as CVE-2025-7850 and CVE-2025-7851, that could allow command injection and unauthorized root access; the issues were tied to an incomplete fix for CVE-2024-21827, residual debug code, and a WireGuard VPN settings private-key field that was not properly sanitized. TP-Link released firmware patches for the affected routers, and the researchers advised administrators to apply the updates immediately and harden management access.
Show sources
- Major Vulnerabilities Found in TP-Link VPN Routers — www.infosecurity-magazine.com — 23.10.2025 14:30
- Major Vulnerabilities Found in TP-Link VPN Routers — www.infosecurity-magazine.com — 23.10.2025 14:30