Cyber Resilience

CVE-2025-10666

HighPublic PoC

Published: 18 September 2025

Published
18 September 2025
Modified
03 February 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0761 92.1th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10666 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

A security flaw has been discovered in D-Link DIR-825 up to version 2.10. The vulnerability resides in the function sub_4106d4 within the apply.cgi file, where manipulation of the countdown_time argument triggers a buffer overflow. This issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4, reflecting network-accessible attack vectors with low complexity and low privileges required.

Remote attackers can exploit the flaw to compromise confidentiality, integrity, and availability on affected devices. A public proof-of-concept has already been released, enabling potential unauthorized code execution or system crashes without user interaction.

The affected hardware is explicitly noted as unsupported by the vendor, with no patches or official mitigations referenced in available advisories. The EPSS score remains flat at 0.0761 from disclosure onward, indicating no material increase in observed exploitation interest to date.

EU & UK References

Vulnerability details

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely.…

more

The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the public-facing apply.cgi web interface of the end-of-life D-Link DIR-825 router, exploitable remotely via countdown_time parameter manipulation, enables exploitation of a public-facing application for initial access or code execution.

CVEs Like This One

CVE-2025-10034Same product: Dlink Dir-825
CVE-2025-7206Same product: Dlink Dir-825
CVE-2025-8949Same product: Dlink Dir-825
CVE-2026-8260Same vendor: Dlink
CVE-2026-7289Same vendor: Dlink
CVE-2026-7857Same vendor: Dlink
CVE-2025-11338Same vendor: Dlink
CVE-2026-7853Same vendor: Dlink
CVE-2025-13553Same vendor: Dlink
CVE-2025-13304Same vendor: Dlink

Affected Assets

dlink
dir-825 firmware
≤ 2.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prohibits the use of unsupported system components like the end-of-support D-Link DIR-825 routers affected by this unpatched buffer overflow vulnerability.

prevent

Requires timely remediation of identified flaws, driving removal or replacement of vulnerable unsupported devices where no patches are available.

prevent

Enforces validation and sanitization of information inputs such as the countdown_time argument to prevent buffer overflows in apply.cgi.

References