CVE-2025-10666
Published: 18 September 2025
Summary
CVE-2025-10666 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A security flaw has been discovered in D-Link DIR-825 up to version 2.10. The vulnerability resides in the function sub_4106d4 within the apply.cgi file, where manipulation of the countdown_time argument triggers a buffer overflow. This issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4, reflecting network-accessible attack vectors with low complexity and low privileges required.
Remote attackers can exploit the flaw to compromise confidentiality, integrity, and availability on affected devices. A public proof-of-concept has already been released, enabling potential unauthorized code execution or system crashes without user interaction.
The affected hardware is explicitly noted as unsupported by the vendor, with no patches or official mitigations referenced in available advisories. The EPSS score remains flat at 0.0761 from disclosure onward, indicating no material increase in observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-29982
Vulnerability details
A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely.…
more
The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing apply.cgi web interface of the end-of-life D-Link DIR-825 router, exploitable remotely via countdown_time parameter manipulation, enables exploitation of a public-facing application for initial access or code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Prohibits the use of unsupported system components like the end-of-support D-Link DIR-825 routers affected by this unpatched buffer overflow vulnerability.
Requires timely remediation of identified flaws, driving removal or replacement of vulnerable unsupported devices where no patches are available.
Enforces validation and sanitization of information inputs such as the countdown_time argument to prevent buffer overflows in apply.cgi.