CVE-2025-14884
Published: 18 December 2025
Summary
CVE-2025-14884 is a high-severity Injection (CWE-74) vulnerability in D-Link DIR-605 firmware. Its CVSS base score is 7.3 (High).
Operationally, it ranks in the top 18.2% of CVEs by exploit likelihood (EPSS percentile); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A command injection vulnerability exists in the firmware update service of the D-Link DIR-605 router running firmware version 202WWB03. The flaw, tracked as CVE-2025-14884 and assigned CWE-74 and CWE-77, allows an attacker to inject operating system commands by manipulating an input to that service; the specific function affected has not been identified publicly. The device is explicitly noted as no longer supported by its maintainer.
The vulnerability is reported as remotely triggerable by an authenticated administrator. Successful exploitation is described as granting full control over the device, with high impact to confidentiality, integrity and availability, and a public exploit is already available. One check before relying on those figures: under CVSS 3.1, a remote attack by a low-privileged (authenticated) user with High impact on all three properties scores 8.8, not 7.3, so either the impact wording or the base score overstates the other; consult the vector string in the NVD record rather than the two summaries here.
No vendor patches or mitigations are provided because the product has reached end-of-support. In practice that leaves retiring the device or, failing that, keeping its management interface off untrusted networks and limiting who holds administrator credentials. The associated EPSS score remains flat at 0.0154 with no material increase after disclosure.
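The pattern behind a CWE-77 finding in a firmware update handler is usually a user-controlled field spliced into a shell command line. The following is an added illustrative example, not D-Link's code and not the DIR-605's actual handler: the vulnerable construction next to a hardened one that validates the field against an allowlist and passes it as a separate argv element so no shell parses it. The image-name parameter, the `/bin/fwupdate` path and all function names are assumptions.

```c
/* Added illustrative example, not D-Link code and not the DIR-605 handler:
 * the generic CWE-77 pattern behind "command injection in a firmware update
 * service", next to a hardened version. Names and paths are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* VULNERABLE: a user-controlled field (here the uploaded image name) is
 * spliced into a shell command line. Under system() or popen() any shell
 * metacharacter in it becomes a second command. This only builds the string;
 * it deliberately never executes it. Returns 0 on success, -1 if truncated. */
int build_update_cmd_unsafe(const char *image_name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/bin/fwupdate /tmp/%s", image_name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allowlist check: only characters a firmware image name legitimately needs,
 * no path separators, no leading dot, bounded length. */
int image_name_is_valid(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* HARDENED: validate first, then hand the name over as its own argv element
 * so that no shell ever parses it; the caller runs argv with fork()/execv(),
 * never system(). Returns 0 and fills argv (NULL-terminated) on success,
 * -1 when the name is rejected or does not fit. */
int build_update_argv_safe(const char *image_name, char *path, size_t pathlen,
                           const char *argv_out[3])
{
    if (!image_name_is_valid(image_name))
        return -1;
    int n = snprintf(path, pathlen, "/tmp/%s", image_name);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;
    argv_out[0] = "/bin/fwupdate";
    argv_out[1] = path;
    argv_out[2] = NULL;
    return 0;
}

int main(void)
{
    char cmd[256], path[128];
    const char *argv[3];
    const char *evil = "fw.bin;reboot";   /* constructed attacker-style value */

    build_update_cmd_unsafe(evil, cmd, sizeof cmd);
    printf("unsafe command line: %s\n", cmd);  /* ';reboot' would run under system() */

    if (build_update_argv_safe(evil, path, sizeof path, argv) < 0)
        printf("hardened handler rejected: %s\n", evil);
    if (build_update_argv_safe("dir605_202WWB03.bin", path, sizeof path, argv) == 0)
        printf("hardened handler would exec: %s %s\n", argv[0], argv[1]);
    return 0;
}
```

The allowlist matters more than the argv split alone: even with execv(), a name like `../etc/passwd` would still reach the updater as a path, which is why the validator rejects separators and leading dots rather than only shell metacharacters.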
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-204381
Vulnerability details
A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements before deployment, and verifiable flaw remediation corrects them.
- Attack and anomaly monitoring identifies indicators of injection attacks (command, SQL, LDAP and similar) in requests and logs.
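For the second control, the following is an added detection example, not the page's or any vendor's code: it scans access-log lines for shell metacharacters in the query values of requests to a firmware-update endpoint, decoding each value first so that encoded forms like `%3B` or `%26` are caught while a literal `&` between parameters is not treated as a hit. The `fwupdate` path fragment is an assumption, not the DIR-605's real URL, and the log lines are constructed.

```c
/* Added detection example, not the page's or any vendor's code: scans
 * constructed access-log lines for shell metacharacters in the query values
 * of requests to an assumed firmware-update endpoint ("fwupdate" in the
 * path is an assumption, not the DIR-605's real URL). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Decode %XX escapes and '+' into dst (always NUL-terminated). */
static void url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    for (size_t i = 0; src[i] && j + 1 < dstlen; i++) {
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1])
                          && isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], 0 };
            dst[j++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            dst[j++] = (src[i] == '+') ? ' ' : src[i];
        }
    }
    dst[j] = 0;
}

/* 1 if the URL-decoded value carries shell metacharacters typical of OS
 * command injection (separators, pipes, backticks, $() / ${}, newlines). */
int value_has_shell_metachars(const char *raw_value)
{
    static const char *needles[] = { ";", "|", "&", "`", "$(", "${", "\n", "\r" };
    char dec[512];
    url_decode(raw_value, dec, sizeof dec);
    for (size_t k = 0; k < sizeof needles / sizeof needles[0]; k++)
        if (strstr(dec, needles[k]))
            return 1;
    return 0;
}

/* Splits a raw query on '&' (a literal '&' is a legitimate separator; an
 * encoded %26 inside a value is not) and checks every value. */
int query_has_injection(const char *query)
{
    char buf[512];
    if (strlen(query) >= sizeof buf)
        return 1;                     /* oversized query: treat as suspicious */
    strcpy(buf, query);
    for (char *tok = strtok(buf, "&"); tok; tok = strtok(NULL, "&")) {
        char *eq = strchr(tok, '=');
        if (value_has_shell_metachars(eq ? eq + 1 : tok))
            return 1;
    }
    return 0;
}

/* Pulls the request target out of a Common Log Format line and flags it when
 * the path is the assumed update endpoint and a query value is suspicious.
 * Returns 1 = suspicious, 0 = benign, -1 = line not parsable. */
int log_line_is_suspicious(const char *line)
{
    char target[512];
    const char *open = strchr(line, '"');
    if (!open) return -1;
    const char *close = strchr(open + 1, '"');
    const char *sp = strchr(open + 1, ' ');            /* end of method */
    if (!close || !sp || sp > close) return -1;
    const char *end = strchr(sp + 1, ' ');             /* before HTTP/x.y */
    if (!end || end > close) end = close;
    size_t n = (size_t)(end - (sp + 1));
    if (n >= sizeof target) return -1;
    memcpy(target, sp + 1, n);
    target[n] = 0;
    char *query = strchr(target, '?');
    if (!query) return 0;
    *query++ = 0;
    if (!strstr(target, "fwupdate")) return 0;
    return query_has_injection(query);
}

/* Constructed sample lines, not captured traffic (192.0.2.0/24 is the
 * documentation address range). */
const char *sample_log[] = {
    "192.0.2.10 - admin [18/Dec/2025:10:00:01 +0000] \"GET /fwupdate.cgi?image=fw.bin&action=start HTTP/1.1\" 200 512",
    "192.0.2.10 - admin [18/Dec/2025:10:00:05 +0000] \"GET /fwupdate.cgi?image=fw.bin%3Btelnetd HTTP/1.1\" 200 512",
    "192.0.2.10 - admin [18/Dec/2025:10:00:09 +0000] \"POST /fwupdate.cgi?image=x%24(reboot) HTTP/1.1\" 200 512",
    "192.0.2.11 - - [18/Dec/2025:10:00:12 +0000] \"GET /index.html HTTP/1.1\" 200 2048",
};
const size_t sample_log_count = sizeof sample_log / sizeof sample_log[0];

int count_suspicious(const char *lines[], size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (log_line_is_suspicious(lines[i]) == 1) hits++;
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < sample_log_count; i++)
        printf("%d  %s\n", log_line_is_suspicious(sample_log[i]), sample_log[i]);
    printf("suspicious lines: %d\n", count_suspicious(sample_log, sample_log_count));
    return 0;
}
```

On a real device the update request is typically a POST with the parameters in the body, which an access log does not record; the same decode-then-match logic applies, but it has to run in a reverse proxy or WAF in front of the device rather than over the log afterwards.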