CVE-2025-10401
Published: 14 September 2025
Summary
CVE-2025-10401 is a medium-severity Injection (CWE-74) vulnerability in Dlink Dir-823X Firmware. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in web interface (/goform/diag_ping) of public-facing router enables exploitation of public-facing application (T1190), indirect command execution (T1202), and network device CLI command execution (T1059.008).
NVD Description
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit…
more
is now public and may be used.
Deeper analysisAI
CVE-2025-10401 is a command injection vulnerability in D-Link DIR-823x routers running firmware versions up to 250416. The flaw affects an unknown function in the /goform/diag_ping file, where attackers can manipulate the target_addr argument to inject commands. It is classified under CWE-74 and CWE-77, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Remote attackers with low privileges, such as authenticated users, can exploit this vulnerability over the network with low complexity and no user interaction. Exploitation enables command injection, resulting in low impacts to confidentiality, integrity, and availability.
Advisories from VulDB detail the vulnerability and submission process, while a GitHub repository provides a public exploit for D-Link DIR-823X AX3000. The D-Link website offers general support resources, though specific patch details are not outlined in available references.
The exploit is publicly available and may be used, increasing the risk of real-world attacks on unpatched devices.
Details
- CWE(s)