Exploit Details
Basic Information
| Exploit Title | MikroTik RouterOS 7.19.1 – Reflected XSS |
|---|---|
| Exploit ID | EDB-ID:52366 |
| Type | exploitdb |
| Published | 2025-07-16T00:00:00 |
| Modified | 2025-07-16T00:00:00 |
CVSS Information
| CVSS Score | 4.8 |
|---|---|
| Severity | MEDIUM |
| Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N |
AI Analysis
| AI Description | A reflected XSS vulnerability in MikroTik RouterOS 7.19.1 allows attackers to execute scripts via the dst parameter. This requires user interaction, such as visiting a malicious link, which could lead to phishing or redirection attacks. |
|---|---|
| AI Severity | Medium |
| AI Vendor | MikroTik |
| AI Product | RouterOS |
| AI Version | 7.19.1 |
CVE Information
- CVE-2025-6563
Exploit Description
Exploit Title: MikroTik RouterOS 7.19.1 – Reflected XSS Google Dork:…
Exploit Code
# Exploit Title: MikroTik RouterOS 7.19.1 – Reflected XSS
# Google Dork: inurl:/login?dst=
# Date: 2025-07-15
# Exploit Author: Prak Sokchea
# Vendor Homepage: https://mikrotik.com
# Software Link: https://mikrotik.com/download
# Version: RouterOS <= 7.19.1
# Tested on: MikroTik CHR 7.19.1
# CVE : CVE-2025-6563
# PoC:
# Visit the following URL while connected to the vulnerable MikroTik hotspot service:
# http://<target-ip>/login?dst=javascript:alert(3)
# A reflected XSS will be triggered when the dst parameter is not properly sanitized by the server-side logic.
# This vulnerability requires user interaction (visiting the link) and may be used in phishing or redirection attacks.
# Notes:
# This is a non-persistent reflected XSS. It is accepted due to the presence of a valid CVE (CVE-2025-6563),
# and has been acknowledged by MikroTik as a valid issue.
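The root cause described above is a redirect parameter (`dst`) reflected into the login page without validation. The following Python example is added here for defenders and is not part of the exploit-db record or MikroTik's code: it shows an allowlist check for a redirect-style parameter (only same-site relative paths pass; any scheme, host, protocol-relative `//` prefix, or browser-stripped whitespace/control characters is rejected) and a small scanner that applies the same check to constructed access-log lines to surface attempts against `/login?dst=`. Function names, the log format and the sample log lines are assumptions made for the example.

```python
"""Allowlist validation for a redirect parameter and a log scanner built on it.

Example code added for illustration; the log lines below are constructed,
not real RouterOS output, and the function names are assumptions.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# ASCII control characters that browsers strip while parsing a URL scheme,
# so "java\tscript:" must be treated as dangerous, not as harmless garbage.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Apache/nginx-style combined log line: client, timestamp, request line.
_LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<target>\S+) HTTP/')


def is_safe_dst(value: str) -> bool:
    """Return True only when value is a plain same-site path such as "/status".

    Allowlist approach: instead of blocking known-bad schemes (javascript:,
    data:, ...), accept only values with no scheme, no authority and no
    protocol-relative prefix. Percent-decoding once catches "javascript%3A".
    """
    if not value:
        return False
    decoded = unquote(value)
    # Leading/trailing whitespace or embedded control characters are removed
    # by browsers before scheme parsing, so reject them outright.
    if decoded != decoded.strip() or _CONTROL_CHARS.search(decoded):
        return False
    # Backslashes are treated as slashes by some browsers ("/\evil.example").
    if "\\" in decoded:
        return False
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return False
    # Exactly one leading slash: "//host/path" is a protocol-relative URL.
    return decoded.startswith("/") and not decoded.startswith("//")


def safe_redirect_target(value: str, default: str = "/") -> str:
    """Server-side replacement for reflecting dst unchecked: fall back to default."""
    return value if is_safe_dst(value) else default


# Constructed sample log lines (not real traffic) covering a benign request,
# a plain javascript: payload, an encoded and whitespace-padded variant,
# a request without dst, and a protocol-relative open-redirect attempt.
SAMPLE_LOG_LINES = [
    '192.0.2.10 - - [16/Jul/2025:10:00:01 +0000] "GET /login?dst=/status HTTP/1.1" 200 512',
    '192.0.2.11 - - [16/Jul/2025:10:00:02 +0000] "GET /login?dst=javascript:alert(3) HTTP/1.1" 200 512',
    '192.0.2.12 - - [16/Jul/2025:10:00:03 +0000] "GET /login?dst=%20javascript%3Aalert%283%29 HTTP/1.1" 200 512',
    '192.0.2.13 - - [16/Jul/2025:10:00:04 +0000] "GET /login HTTP/1.1" 200 512',
    '192.0.2.14 - - [16/Jul/2025:10:00:05 +0000] "GET /login?dst=//evil.example/ HTTP/1.1" 200 512',
]


def scan_access_log(lines, param: str = "dst"):
    """Return one finding per request whose redirect parameter fails is_safe_dst."""
    findings = []
    for line in lines:
        match = _LOG_RE.match(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        for candidate in parse_qs(query, keep_blank_values=True).get(param, []):
            if not is_safe_dst(candidate):
                findings.append({"client": match.group("client"), param: candidate})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG_LINES):
        print(f"suspicious {finding['dst']!r} from {finding['client']}")
```

The check is an allowlist on purpose: a denylist of `javascript:` spellings is easy to bypass with encoding or case tricks, whereas "must be a single-slash relative path" leaves nothing to enumerate. The scanner double-decodes (once in `parse_qs`, once in `is_safe_dst`), which is the right bias for detection even though the server-side validator only decodes once.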