Cyber Resilience

CVE-2025-12295

Medium · Public PoC

Published: 27 October 2025

Modified: 03 November 2025
CVSS Score v4: 6.6 (CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0023 (46.3rd percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12295 is a medium-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in D-Link DAP-2695 firmware. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By exploit likelihood, the CVE ranks at the 46.3rd percentile (below the median). It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SA-22 (Unsupported System Components).

Deeper analysis

CVE-2025-12295 is a vulnerability involving improper verification of cryptographic signatures in the Firmware Update Handler component of D-Link DAP-2695 firmware version 2.00RC13. The issue resides in the function sub_40C6B8, classified under CWE-345 (Insufficient Verification of Data Authenticity) and CWE-347 (Improper Verification of Cryptographic Signature). It carries a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating medium severity with network accessibility but high attack complexity and required high privileges.

The vulnerability enables remote exploitation where an attacker with high privileges can manipulate firmware updates to bypass signature checks, potentially leading to high confidentiality, integrity, and availability impacts. Attacks are described as highly complex with difficult exploitability, though a public exploit is available and could be used against affected devices.

References, including analyses on GitHub and VulDB, detail the flaw but note that it only impacts products no longer supported by D-Link, implying no official patches or mitigations are available. The D-Link website provides general product information but no specific advisory for this CVE. Security practitioners should isolate or decommission affected DAP-2695 devices.

Notable context includes the public availability of the exploit and its restriction to end-of-support hardware, increasing risks in legacy network environments without vendor maintenance.

Vulnerability details

A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1542.001 · System Firmware · Stealth
Adversaries may modify system firmware to persist on systems.

T1553.002 · Code Signing · Defense Impairment
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.

Why these techniques?

The firmware update handler vulnerability allows remote bypass of cryptographic signature verification (CWE-347). This enables exploitation of a public-facing application (T1190), subversion of code signing controls (T1553.002), and modification of system firmware for persistence (T1542.001).

CVEs Like This One

CVE-2025-11665 · Same product: D-Link DAP-2695
CVE-2025-8978 · Same vendor: D-Link
CVE-2025-2548 · Same vendor: D-Link
CVE-2025-25742 · Same vendor: D-Link
CVE-2025-70239 · Same vendor: D-Link
CVE-2025-13304 · Same vendor: D-Link
CVE-2025-70231 · Same vendor: D-Link
CVE-2026-2857 · Same vendor: D-Link
CVE-2026-4194 · Same vendor: D-Link
CVE-2025-15193 · Same vendor: D-Link

Affected Assets

Vendor: dlink
Product: dap-2695 firmware
Version: 2.00

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires software and firmware components to include digital signatures that are validated prior to installation, directly preventing exploitation of improper cryptographic signature verification in the firmware update handler.

prevent · detect

Mandates cryptographic mechanisms like digital signatures to protect firmware integrity during updates and detect unauthorized changes, addressing the improper verification flaw.

prevent

Requires identification and mitigation of risks from unsupported system components like the end-of-support D-Link DAP-2695, preventing exploitation through isolation or decommissioning.
