Cyber Posture

CVE-2025-0481

Medium

Published: 15 January 2025

Modified: 16 July 2025
KEV Added
Patch
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0044 (63.3rd percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0481 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in D-Link DIR-878 firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- Prevent: Remediating the flaw in the /dllog.cgi HTTP POST handler through firmware updates directly prevents the information disclosure vulnerability.
- Prevent: Validating inputs to the HTTP POST request handler in /dllog.cgi prevents crafted manipulations that trigger sensitive information disclosure.
- Prevent: Filtering outputs from the /dllog.cgi component ensures sensitive information is not included in responses to unauthenticated remote requests.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A remote, unauthenticated, crafted HTTP POST to the public web interface (/dllog.cgi) directly enables exploitation of a public-facing network device application for sensitive data disclosure.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Deeper analysis

CVE-2025-0481 is a problematic information disclosure vulnerability affecting the D-Link DIR-878 router on firmware version 1.03. The flaw resides in an unknown function of the /dllog.cgi file within the HTTP POST Request Handler component, where manipulation via crafted requests exposes sensitive information.

The vulnerability enables remote exploitation without user interaction, authentication, or privileges, as reflected in its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Attackers with network access can send a malicious HTTP POST request to trigger the disclosure, achieving low-impact confidentiality loss without affecting integrity or availability.

VulDB advisories (ctiid.291924, id.291924) document the issue, while a GitHub repository provides a disclosed proof-of-concept exploit in dllog.md. The D-Link website serves as a reference for potential firmware updates, though no specific patch details are outlined in the available sources.

Details

CWE(s)

CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

Affected Products

dlink dir-878 firmware, version 1.03

CVEs Like This One

- CVE-2026-2055 (same vendor: Dlink)
- CVE-2026-2054 (same vendor: Dlink)
- CVE-2025-29515 (same vendor: Dlink)
- CVE-2026-2056 (same vendor: Dlink)
- CVE-2025-29514 (same vendor: Dlink)
- CVE-2026-4194 (same vendor: Dlink)
- CVE-2025-2548 (same vendor: Dlink)
- CVE-2026-4180 (same vendor: Dlink)
- CVE-2025-70219 (same vendor: Dlink)
- CVE-2025-7194 (same vendor: Dlink)
