CVE-2025-10034
Published: 06 September 2025
Summary
CVE-2025-10034 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prohibits the use of unsupported system components like the end-of-support D-Link DIR-825 router, directly preventing exposure to unpatched buffer overflow vulnerabilities such as CVE-2025-10034.
Requires validation of information inputs like the ping6_ipaddr argument to the httpd CGI script, directly preventing the buffer overflow triggered by malformed input.
Implements memory protections such as non-executable stacks and address randomization to thwart exploitation of the buffer overflow even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the httpd ping6_response.cg script of the D-Link DIR-825 router's web interface enables remote code execution via exploitation of a public-facing application.
NVD Description
A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The…
more
exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-10034 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the D-Link DIR-825 router on firmware version 1.08.01. The flaw exists in the get_ping6_app_stat function within the ping6_response.cg file of the httpd component, triggered by manipulation of the ping6_ipaddr argument. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and only impacts products no longer supported by the maintainer.
An attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation of the buffer overflow could result in high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or denial of service on the affected device. A public exploit is available and could be used in attacks.
Advisories indicate no patches are available due to end-of-support status for the affected D-Link DIR-825 models. Security practitioners should reference VulDB entries (e.g., ctiid.322750, id.322750) and a GitHub proof-of-concept PDF for technical details, while isolating or retiring vulnerable devices is recommended as primary mitigation. The D-Link website provides general product information but no specific remediation for this issue.
Details
- CWE(s)