Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Mikrotik
Routeros

mikrotik routeros Vulnerabilities: CVEs, CISA KEV & Security Advisories

86 CVEs

2 in CISA KEV

mikrotik routeros Vulnerabilities

CVE security advisories and vulnerability history for routeros by mikrotik.

86

Total CVEs

Published

2

In CISA KEV

Exploited in the wild

48

Public exploits

With known exploit

7.8

Avg CVSS

2009–2026

Last updated May 5, 2026

Overview

mikrotik routeros has 86 published CVE records since 2009, of which 2 are in CISA's Known Exploited Vulnerabilities catalog and 48 have a known public exploit. The average CVSS base score across scored CVEs is 7.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting mikrotik routeros, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include 64 bit, ARM, MIPSBE, PPC, mips, ppc.

Severity and exploitation

How the CVSS severity of mikrotik routeros's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical4

High9

Medium3

Low0

70 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

2

2 of mikrotik routeros's CVEs are confirmed exploited in the wild.

Public exploits

48

48 of mikrotik routeros's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every mikrotik routeros version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

6.48.81 CVE
6.49.91 CVE
Long-term 6.42.12 and below1 CVE
Stable 6.43.12 and below1 CVE
Testing 6.44beta75 and below1 CVE

Fixed in

6.4714 CVEs
6.40.94 CVEs
6.42.74 CVEs
6.44.52 CVEs
6.48.22 CVEs
6.49.72 CVEs
> 6.48.61 CVE
> 7.20.x1 CVE
6.37.51 CVE
6.38.51 CVE
6.41.31 CVE
6.42.121 CVE
6.431 CVE
6.43.121 CVE
6.44.61 CVE
6.45.51 CVE
6.46.51 CVE
6.48.71 CVE
6.49.101 CVE
6.49.181 CVE
7.121 CVE
7.181 CVE
7.19.21 CVE
7.201 CVE
7.20.11 CVE
7.21beta21 CVE
7.51 CVE
7.61 CVE

Default status

All versions1 CVE

Find a version

86 CVEs

Sort

Improper certificate validation in multiple RouterOS services
CVE-2025-42611
Patch
CWE-295
Medium · CVSS 6.5
EPSS 0.0% (1th pct)2026-05-05
MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
CVE-2026-7668
Public exploit
CWE-125
High · CVSS 7.3
EPSS 0.1% (18th pct)2026-05-02
MikroTik RouterOS libjson.so print parse_json_element buffer overflow
CVE-2025-10948
Public exploit
Patch
CWE-119
High · CVSS 8.8
EPSS 0.2% (46th pct)2025-09-25
Cross-site scripting via dst parameter in RouterOS WiFi hotspot
CVE-2025-6563
Public exploit
Patch
CWE-20
Medium · CVSS 4.8
EPSS 1.5% (81th pct)2025-07-03
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability
CVE-2025-6443
Patch
CWE-284
High · CVSS 7.2
EPSS 0.7% (73th pct)2025-06-25
High vulnerability · 2025-05-29
CVE-2024-54952CWE-476
High · CVSS 7.5
EPSS 0.6% (69th pct)2025-05-29
Medium vulnerability · 2025-02-11
CVE-2024-54772
Public exploit
Patch
CWE-208
Medium · CVSS 5.4
EPSS 2.0% (84th pct)2025-02-11
High vulnerability · 2024-05-03
CVE-2023-32154
Patch
CWE-787
High · CVSS 7.5
EPSS 2.4% (85th pct)2024-05-03
Vulnerability · 2023-11-14
CVE-2023-41570
Public exploit
Patch
CWE-284
Unscored
EPSS 0.1% (18th pct)2023-11-14
MikroTik RouterOS Web Interface Heap Corruption
CVE-2023-30800
Public exploit
Patch
CWE-787
High · CVSS 7.5
EPSS 4.3% (89th pct)2023-09-07
MikroTik RouterOS Administrator Privilege Escalation
CVE-2023-30799
Public exploit
Patch
CWE-269
Critical · CVSS 9.1
EPSS 0.2% (46th pct)2023-07-19
Vulnerability · 2023-07-12
CVE-2020-20021
Public exploit
Unscored
EPSS 0.1% (25th pct)2023-07-12
High vulnerability · 2023-03-27
CVE-2023-24094CWE-787
High · CVSS 7.5
EPSS 0.2% (45th pct)2023-03-27
Critical vulnerability · 2022-12-05
CVE-2022-45315
Public exploit
Patch
CWE-125
Critical · CVSS 9.8
EPSS 2.2% (85th pct)2022-12-05
High vulnerability · 2022-12-05
CVE-2022-45313
Public exploit
Patch
CWE-125
High · CVSS 8.8
EPSS 13.5% (94th pct)2022-12-05
Critical vulnerability · 2022-10-15
CVE-2017-20149
Public exploit
Patch
CWE-787
Critical · CVSS 9.8
EPSS 6.3% (91th pct)2022-10-15
Vulnerability · 2022-08-26
CVE-2022-36522
Public exploit
Unscored
EPSS 0.4% (64th pct)2022-08-26
Vulnerability · 2022-08-25
CVE-2022-34960
Unscored
EPSS 0.5% (68th pct)2022-08-25
Vulnerability · 2022-05-11
CVE-2021-36613
Patch
Unscored
EPSS 0.9% (76th pct)2022-05-11
Vulnerability · 2022-05-11
CVE-2021-36614
Patch
Unscored
EPSS 0.9% (76th pct)2022-05-11
Vulnerability · 2022-03-16
CVE-2021-41987
Unscored
EPSS 49.0% (98th pct)2022-03-16
Vulnerability · 2022-02-28
CVE-2020-22845
Public exploit
Unscored
EPSS 1.6% (82th pct)2022-02-28
Vulnerability · 2022-02-28
CVE-2020-22844
Public exploit
Unscored
EPSS 1.6% (82th pct)2022-02-28
Vulnerability · 2021-07-21
CVE-2020-20221
Patch
Unscored
EPSS 1.1% (79th pct)2021-07-21
Vulnerability · 2021-07-21
CVE-2020-20262
Public exploit
Patch
Unscored
EPSS 0.3% (49th pct)2021-07-21
Vulnerability · 2021-07-21
CVE-2020-20219
Unscored
EPSS 1.1% (78th pct)2021-07-21
Vulnerability · 2021-07-19
CVE-2020-20248
Public exploit
Unscored
EPSS 0.9% (76th pct)2021-07-19
Vulnerability · 2021-07-19
CVE-2020-20249
Public exploit
Patch
Unscored
EPSS 0.2% (45th pct)2021-07-19
Vulnerability · 2021-07-19
CVE-2020-20230
Public exploit
Patch
Unscored
EPSS 0.9% (76th pct)2021-07-19
Vulnerability · 2021-07-14
CVE-2020-20231
Public exploit
Unscored
EPSS 0.7% (73th pct)2021-07-14

Showing 30 of 86

Common weakness types

The CWE weakness categories most often found in mikrotik routeros CVEs. Follow any weakness for its full explanation.

CWE-787Out-of-bounds Write4 CVEs
CWE-125Out-of-bounds Read3 CVEs
CWE-284Improper Access Control2 CVEs
CWE-23Relative Path Traversal2 CVEs
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer2 CVEs
CWE-494Download of Code Without Integrity Check1 CVE
CWE-269Improper Privilege Management1 CVE
CWE-20Improper Input Validation1 CVE

Disclosure activity by year

How many mikrotik routeros CVEs were published each year.

2012

1

2015

1

2017

4

2018

7

2019

10

2020

5

2021

34

2022

10

2023

5

2024

1

2025

5

2026

2

Other mikrotik products

Browse vulnerabilities for other products by mikrotik.

winbox4 CVEs ccr1009-7g-1c-1s\+2 CVEs ccr1009-7g-1c-1s\+pc2 CVEs ccr1009-7g-1c-pc2 CVEs ccr1016-12g2 CVEs ccr1016-12s-1s\+2 CVEs ccr1036-12g-4s2 CVEs ccr1036-12g-4s-em2 CVEs

All mikrotik vulnerabilities

Frequently asked questions

Common questions about mikrotik routeros vulnerabilities.

How many CVEs does mikrotik routeros have?

mikrotik routeros has 86 published CVE records since 2009.

How many mikrotik routeros CVEs are in CISA KEV?

Yes — 2 of mikrotik routeros's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Are there public exploits for mikrotik routeros vulnerabilities?

Yes — 48 of mikrotik routeros's CVEs have a known public exploit.

Which versions of mikrotik routeros are affected?

34 distinct mikrotik routeros versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in mikrotik routeros CVEs?

mikrotik routeros's CVEs most often map to these CWE weakness types: CWE-787 (Out-of-bounds Write), CWE-125 (Out-of-bounds Read), CWE-284 (Improper Access Control), CWE-23 (Relative Path Traversal).

How many critical mikrotik routeros vulnerabilities are there?

mikrotik routeros has 4 critical and 9 high-severity CVEs.

What is the average severity of mikrotik routeros CVEs?

The average CVSS base score across mikrotik routeros's scored CVEs is 7.8.

References

All mikrotik vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track mikrotik routeros vulnerabilities

Monitor new mikrotik routeros vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References