CVE-2025-12295
Published: 27 October 2025
Summary
CVE-2025-12295 is a medium-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in D-Link DAP-2695 firmware. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SA-22 (Unsupported System Components).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires software and firmware components to include digital signatures that are validated prior to installation, directly preventing exploitation of improper cryptographic signature verification in the firmware update handler.
Mandates cryptographic mechanisms like digital signatures to protect firmware integrity during updates and detect unauthorized changes, addressing the improper verification flaw.
Requires identification and mitigation of risks from unsupported system components like the end-of-support D-Link DAP-2695, preventing exploitation through isolation or decommissioning.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The firmware update handler vulnerability allows remote bypass of cryptographic signature verification (CWE-347), enabling exploitation of a public-facing application (T1190), subversion of code signing controls (T1553.002), and modification of system firmware for persistence (T1542.001).
NVD Description
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysis
CVE-2025-12295 is a vulnerability involving improper verification of cryptographic signatures in the Firmware Update Handler component of D-Link DAP-2695 firmware version 2.00RC13. The issue resides in the function sub_40C6B8 and is classified under CWE-345 (Insufficient Verification of Data Authenticity) and CWE-347 (Improper Verification of Cryptographic Signature). It carries a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H): medium severity, reachable over the network, but with high attack complexity and high privileges required.
The vulnerability enables remote exploitation where an attacker with high privileges can manipulate firmware updates to bypass signature checks, potentially leading to high confidentiality, integrity, and availability impacts. Attacks are described as highly complex with difficult exploitability, though a public exploit is available and could be used against affected devices.
References, including analyses on GitHub and VulDB, detail the flaw but note that it only impacts products no longer supported by D-Link, implying no official patches or mitigations are available. The D-Link website provides general product information but no specific advisory for this CVE. Security practitioners should isolate or decommission affected DAP-2695 devices.
Notable context includes the public availability of the exploit and its restriction to end-of-support hardware, which increases risk in legacy network environments that lack vendor maintenance.
Details
- CWE(s)