Cyber Posture

CVE-2025-14225

Medium · Public PoC · Updated

Published: 08 December 2025

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0012 (30.5th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14225 is a medium-severity Injection (CWE-74) vulnerability in D-Link DCS-930L firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks at the 30.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SA-22 (Unsupported System Components).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly addresses risks from end-of-life products like the D-Link DCS-930L by prohibiting use or applying compensating controls such as isolation or decommissioning.

detect · respond

Enables scanning to identify CVE-2025-14225 in the vulnerable camera firmware and subsequent risk mitigation since no patches are available.

prevent

Prevents remote network exploitation of the command injection vulnerability by controlling access to the affected device's interfaces.

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Why these techniques?

Command injection via remote web endpoint (/setSystemAdmin AdminID parameter) enables exploitation of public-facing application (T1190), Unix shell command execution (T1059.004), and indirect command execution (T1202) as identified in advisories.

NVD Description

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysis

CVE-2025-14225 is a command injection vulnerability affecting the D-Link DCS-930L camera running firmware version 1.15.04. The flaw exists in an unknown part of the /setSystemAdmin file within the alphapd component, where manipulation of the AdminID argument enables command injection. Published on 2025-12-08, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-74 and CWE-77.

The vulnerability allows remote exploitation by low-privileged users (PR:L) with low attack complexity and no requirement for user interaction. Attackers can execute arbitrary commands on the device, resulting in limited impacts to confidentiality, integrity, and availability.

Advisories from VulDB and a public GitHub repository detail the issue, including proof-of-concept exploit code, confirming remote executability and public disclosure. The vulnerability only affects products no longer supported by D-Link, with no patches available; mitigation requires isolating or decommissioning affected devices.

The exploit has been publicly disclosed and may be utilized, as noted in recent VulDB entries and the GitHub disclosure.

Details

CWE(s)

Affected Products

Vendor: dlink
Product: dcs-930l firmware
Version: 1.15.04

CVEs Like This One

CVE-2025-10689 (same vendor: Dlink)
CVE-2025-7932 (same vendor: Dlink)
CVE-2025-8956 (same vendor: Dlink)
CVE-2026-4203 (same vendor: Dlink)
CVE-2026-1419 (same vendor: Dlink)
CVE-2025-10629 (same vendor: Dlink)
CVE-2026-4207 (same vendor: Dlink)
CVE-2026-4195 (same vendor: Dlink)
CVE-2026-4209 (same vendor: Dlink)
CVE-2026-1624 (same vendor: Dlink)
