Security Advisory

CVE-2025-61481

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-27 00:00:00

Last updated 2025-10-30 17:24:08

Assigner mitre

State PUBLISHED

Description

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.

← Browse all CVEs View on cve.org ↗