CVE-2025-13304
Published: 17 November 2025
Summary
CVE-2025-13304 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825M Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-13304 is a buffer overflow vulnerability (CWE-119, CWE-120) discovered in D-Link routers, specifically models DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M running firmware versions 1.01.07 or 1.1.47. The flaw affects unknown code in the /boafrm/formPingDiagnosticRun file and is triggered by manipulating the 'host' argument.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely with low complexity by an attacker possessing low privileges, without requiring user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially resulting in remote code execution or system crashes.
Advisories and additional details are available via VulDB entries at https://vuldb.com/?ctiid.332644, https://vuldb.com/?id.332644, https://vuldb.com/?submit.691808, and https://vuldb.com/?submit.691810, along with a GitHub issue at https://github.com/LX-LX88/cve/issues/11.
The exploit has been publicly released and may already be exploited in the wild, as noted in the vulnerability disclosure published on 2025-11-17.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-197897
Vulnerability details
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely.…
more
The exploit has been released to the public and may be exploited.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote buffer overflow in the web management interface (/boafrm/formPingDiagnosticRun) enables exploitation of a public-facing application for denial of service or potential arbitrary code execution on the router.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents buffer overflow by requiring validation of the manipulated 'host' argument in the /boafrm/formPingDiagnosticRun endpoint.
Mandates timely remediation of the known buffer overflow flaw through firmware updates for affected D-Link router models.
Implements memory protections such as address space layout randomization and non-executable stacks to mitigate exploitation of the buffer overflow even with invalid inputs.