CVE-2025-15190
Published: 29 December 2025
Summary
CVE-2025-15190 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dwr-M920 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by validating the ip6addr argument in the formFilter function to ensure it conforms to expected IPv6 format and length bounds.
Implements memory protections such as stack canaries, ASLR, and non-executable stacks to block exploitation of the buffer overflow even if invalid input reaches the vulnerable function.
Requires timely identification, reporting, and patching of the known firmware flaw in D-Link DWR-M920 up to version 1.1.50 to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the web management interface (/boafrm/formFilter) of D-Link DWR-M920 router allows remote exploitation of a public-facing application for initial access.
NVD Description
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit…
more
has been released to the public and may be exploited.
Deeper analysisAI
CVE-2025-15190 is a stack-based buffer overflow vulnerability affecting D-Link DWR-M920 router firmware versions up to 1.1.50. The flaw resides in the function sub_42261C within the file /boafrm/formFilter, where manipulation of the ip6addr argument triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely over the network with low complexity and low privileges required, without user interaction. An attacker with low privileges can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution via the buffer overflow.
References point to GitHub repositories under panda666-888/vuls detailing the D-Link DWR-M920 formFilter vulnerability, including a proof-of-concept exploit. VulDB entries (ctiid.338575, id.338575, submit.723553) document the issue, but no vendor advisories or specific patches are mentioned.
The exploit has been publicly released, enabling potential immediate exploitation in the wild. The vulnerability was published on 2025-12-29.
Details
- CWE(s)