
CVE-2025-2548

Medium · Public PoC

Published: 20 March 2025
Modified: 15 July 2025
KEV Added: not listed
Patch: none (affected firmware is end-of-life)
CVSS Score: 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0039 (60.3rd percentile)
Risk Priority: 9 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2548 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in D-Link DIR-618 firmware 2.02 and DIR-605L firmware 3.02. Its CVSS v3.1 base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190), with the caveat that the CVSS vector is AV:A, so the attacker must already be on the router's LAN or Wi-Fi segment unless the management interface has been exposed on the WAN side. The CVE ranks in the top 39.7% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege). Because no firmware fix exists for these end-of-life devices, SA-22 (Unsupported System Components), that is, replacing the hardware, is the only complete remediation.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5; AI-generated mapping)

AC-3 Access Enforcement (prevent)

Directly mandates enforcement of approved access authorizations, addressing the improper access controls in the /goform/formSetDomainFilter function.

SA-22 Unsupported System Components (prevent)

Prohibits use of unsupported system components such as the end-of-life D-Link routers, eliminating exposure to this unpatchable vulnerability.

AC-6 Least Privilege (prevent)

Enforces least privilege so that only authorized principals can reach configuration-changing functions, mitigating the unauthorized modifications enabled by the flaw.

Since the flaw is in the device's own access check and no patched firmware exists, AC-3 and AC-6 cannot be enforced on the router itself; in practice they are realized at the network layer, by placing the management interface on an isolated admin VLAN and restricting which hosts can reach it, until the device is replaced under SA-22.

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated modification of router configuration via a web form because of improper access controls, which is the exploitation pattern T1190 describes. Note the mismatch with the technique's wording: the CVSS vector is AV:A, so the web interface is reached from the adjacent network (LAN or Wi-Fi) rather than from the Internet, unless remote management has been exposed on the WAN side.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysis (AI-generated)

CVE-2025-2548 is a problematic vulnerability involving improper access controls (CWE-266, CWE-284) in an unknown function of the /goform/formSetDomainFilter file on D-Link DIR-618 and DIR-605L routers running firmware versions 2.02 and 3.02. Published on 2025-03-20, it carries a CVSS v3.1 base score of 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

An attacker positioned on the adjacent local network can exploit this vulnerability with low complexity, requiring no privileges or user interaction. Exploitation enables limited integrity impacts, such as unauthorized modifications due to the improper access controls, but does not affect confidentiality or availability.

Advisories note that the affected products are no longer supported by the maintainer, with no patches available. The exploit has been publicly disclosed and may be used, as detailed in references including VulDB entries and Notion site postings.
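With no patch available, the practical defence is to watch for configuration writes to the vulnerable endpoint from anything other than the designated admin host. The following detection logic is an added example, not code from the page or from D-Link: it runs over constructed Zeek-style JSON http.log records (the router address 192.168.0.1, the admin allowlist, the LAN prefix and the log lines are all assumptions for illustration) and flags POSTs to /goform/formSetDomainFilter by source. Because the flaw means the request need not carry a valid session, the rule keys on who sent the request rather than on whether it looked authenticated.

```python
from __future__ import annotations

import ipaddress
import json
from dataclasses import dataclass

# Constructed Zeek-style JSON http.log records for illustration; not real traffic.
SAMPLE_HTTP_LOG = """
{"ts": 1742460000.1, "id.orig_h": "192.168.0.10", "id.resp_h": "192.168.0.1", "method": "GET", "host": "192.168.0.1", "uri": "/index.htm", "status_code": 200}
{"ts": 1742460010.5, "id.orig_h": "192.168.0.10", "id.resp_h": "192.168.0.1", "method": "POST", "host": "192.168.0.1", "uri": "/goform/formSetDomainFilter", "status_code": 200}
{"ts": 1742460020.9, "id.orig_h": "192.168.0.77", "id.resp_h": "192.168.0.1", "method": "POST", "host": "192.168.0.1", "uri": "/goform/formSetDomainFilter", "status_code": 200}
{"ts": 1742460030.2, "id.orig_h": "192.168.0.77", "id.resp_h": "192.168.0.1", "method": "POST", "host": "192.168.0.1", "uri": "/goform/formLogin", "status_code": 302}
{"ts": 1742460040.0, "id.orig_h": "10.5.5.5", "id.resp_h": "192.168.0.1", "method": "POST", "host": "192.168.0.1", "uri": "/goform/formSetDomainFilter?x=1", "status_code": 200}
"""

# Assumed environment: one affected router and one workstation allowed to administer it.
ROUTER_ADDRS = {"192.168.0.1"}
ADMIN_ALLOWLIST = {"192.168.0.10"}
LAN_SEGMENT = ipaddress.ip_network("192.168.0.0/24")
# Configuration-changing endpoints to watch; the CVE's endpoint, extendable with others.
WATCHED_URIS = ("/goform/formSetDomainFilter",)


@dataclass
class Finding:
    ts: float
    src: str
    uri: str
    severity: str
    reason: str


def parse_http_log(text: str):
    """Yield one dict per non-empty JSON line; lines that fail to parse are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def classify_source(src: str) -> str | None:
    """Severity of a config write from `src`, or None when the host is an allowed admin."""
    if src in ADMIN_ALLOWLIST:
        return None
    if ipaddress.ip_address(src) not in LAN_SEGMENT:
        # AV:A means the bug is reachable from the adjacent network; a write from
        # outside that segment shows the management interface is exposed more widely.
        return "high"
    return "medium"


def find_config_writes(log_text: str) -> list[Finding]:
    """Return findings for POSTs to watched router endpoints from non-admin sources."""
    findings: list[Finding] = []
    for rec in parse_http_log(log_text):
        if rec.get("id.resp_h") not in ROUTER_ADDRS or rec.get("method") != "POST":
            continue
        path = rec.get("uri", "").split("?", 1)[0]  # ignore any query string
        if not path.startswith(WATCHED_URIS):
            continue
        severity = classify_source(rec["id.orig_h"])
        if severity is None:
            continue
        reason = ("config write from outside the LAN segment" if severity == "high"
                  else "config write from non-admin LAN host")
        findings.append(Finding(rec["ts"], rec["id.orig_h"], path, severity, reason))
    return findings


if __name__ == "__main__":
    for f in find_config_writes(SAMPLE_HTTP_LOG):
        print(f"{f.ts} {f.severity.upper()} {f.src} -> {f.uri}: {f.reason}")
```

For this to see anything, the sensor producing http.log must observe the LAN side of the router (a mirror port or tap on the segment carrying management traffic), since the vulnerable interface is only reachable from the adjacent network; a "high" finding is itself evidence that the interface is reachable from beyond that segment and should be treated as a misconfiguration in its own right.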

Details

CWE(s): CWE-266 Incorrect Privilege Assignment, CWE-284 Improper Access Control

Affected Products

D-Link DIR-618 firmware 2.02
D-Link DIR-605L firmware 3.02

CVEs Like This One

CVE-2025-2549 · Same product: Dlink Dir-605L
CVE-2026-5982 · Same product: Dlink Dir-605L
CVE-2026-5981 · Same product: Dlink Dir-605L
CVE-2026-5980 · Same product: Dlink Dir-605L
CVE-2026-2055 · Same product: Dlink Dir-605L
CVE-2026-5983 · Same product: Dlink Dir-605L
CVE-2026-5979 · Same product: Dlink Dir-605L
CVE-2026-4194 · Same vendor: Dlink
CVE-2026-2054 · Same product: Dlink Dir-605L
CVE-2026-4180 · Same vendor: Dlink
