CVE-2025-10666
Published: 18 September 2025
Summary
CVE-2025-10666 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prohibits the use of unsupported system components like the end-of-support D-Link DIR-825 routers affected by this unpatched buffer overflow vulnerability.
Requires timely remediation of identified flaws, driving removal or replacement of vulnerable unsupported devices where no patches are available.
Enforces validation and sanitization of information inputs such as the countdown_time argument to prevent buffer overflows in apply.cgi.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing apply.cgi web interface of the end-of-life D-Link DIR-825 router, exploitable remotely via countdown_time parameter manipulation, enables exploitation of a public-facing application for initial access or code execution.
NVD Description
A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely.…
more
The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-10666 is a buffer overflow vulnerability affecting D-Link DIR-825 routers running firmware versions up to 2.10. The flaw resides in the sub_4106d4 function within the apply.cgi file, where manipulation of the countdown_time argument triggers the overflow. This issue, classified under CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-09-18.
The vulnerability enables remote exploitation by an attacker with low privileges, such as an authenticated user on the device. No user interaction is required, and low attack complexity allows straightforward execution over the network. Successful exploitation grants high-impact confidentiality, integrity, and availability compromises, potentially leading to full device control. A proof-of-concept exploit has been publicly released.
Advisories from sources like VulDB and related GitHub repositories detail the vulnerability and POC but note no patches are available, as the affected products are no longer supported by the maintainer. Mitigation relies on network segmentation, access controls, or device replacement.
In notable context, the public exploit availability heightens risks for deployed D-Link DIR-825 devices, particularly in environments overlooking end-of-support hardware.
Details
- CWE(s)