
CVE-2025-2548

Medium · Public PoC

Published: 20 March 2025

Modified: 15 July 2025
CVSS Score v4: 5.3 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0044 (63.4th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2548 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in D-Link DIR-618 firmware. Its CVSS v4 base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-2548 is a problematic vulnerability involving improper access controls (CWE-266, CWE-284) in an unknown function of the /goform/formSetDomainFilter file on D-Link DIR-618 and DIR-605L routers running firmware versions 2.02 and 3.02. Published on 2025-03-20, it carries a CVSS v3.1 base score of 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

An attacker positioned on the adjacent local network can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Exploitation enables limited integrity impacts, such as unauthorized modifications due to the improper access controls, but does not affect confidentiality or availability.

Advisories note that the affected products are no longer supported by the maintainer, with no patches available. The exploit has been publicly disclosed and may be used, as detailed in references including VulDB entries and Notion site postings.

Vulnerability details

A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability allows unauthenticated modification of router configuration via a web form due to improper access controls, directly enabling exploitation of the network device's application interface from an adjacent network.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2549 · Same product: Dlink Dir-605L
CVE-2026-4194 · Same vendor: Dlink
CVE-2026-2055 · Same product: Dlink Dir-605L
CVE-2026-2054 · Same product: Dlink Dir-605L
CVE-2026-5983 · Same product: Dlink Dir-605L
CVE-2026-5981 · Same product: Dlink Dir-605L
CVE-2026-5980 · Same product: Dlink Dir-605L
CVE-2026-4180 · Same vendor: Dlink
CVE-2026-5982 · Same product: Dlink Dir-605L
CVE-2026-5979 · Same product: Dlink Dir-605L

Affected Assets

dlink · dir-618 firmware · 2.02
dlink · dir-605l firmware · 3.02

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mandates enforcement of approved access authorizations, comprehensively addressing the improper access controls in the /goform/formSetDomainFilter function.

Prevent: Prohibits use of unsupported system components like the end-of-life D-Link routers, eliminating exposure to this unpatchable vulnerability.

Prevent: Enforces least privilege to ensure only authorized access to system functions, mitigating unauthorized modifications enabled by the flaw.
