CVE-2025-67089 | GL-iNet GL-AXT1800 4.6.8 RPC plugins.install_package command injection

January 8, 2026 Yanac

A vulnerability was found in GL-iNet GL-AXT1800 4.6.8 and classified as critical. The affected element is the function plugins.install_package of the component RPC. Such manipulation leads to command injection.

This vulnerability is listed as CVE-2025-67089. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More

CVE-2025-67091 | GL-iNet AX1800 4.6.4/4.6.8 API Call /tmp improper authentication
CVE-2025-61246 | indieka900 online-shopping-system-php 1.0 master/review_action.php proId sql injection