CVE-2025-11096
Published: 28 September 2025
Summary
CVE-2025-11096 is a low-severity Injection (CWE-74) vulnerability in Dlink Dir-823X Firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31452
Vulnerability details
A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been…
more
published and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote command injection vulnerability in the router's web-based diag_traceroute feature (public-facing application) enables T1190 (Exploit Public-Facing Application). It facilitates arbitrary OS command execution via injected target_addr parameter, aligning with T1202 (Indirect Command Execution) as noted in advisories and T1059.008 (Network Device CLI) for command execution on the networking device.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.