CVE-2025-2549
Published: 20 March 2025
Summary
CVE-2025-2549 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in D-Link DIR-618 firmware. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 39.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SA-22 (Unsupported System Components).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Enforces approved authorizations for logical access to system resources, directly countering the improper access control vulnerability in /goform/formSetPassword.
- Prohibits or compensates for unsupported system components like the end-of-life D-Link DIR-618 and DIR-605L routers, eliminating exposure to unpatchable flaws.
- Requires timely remediation of identified flaws, including this access control issue, via patching, mitigation, or system discontinuation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper access control vulnerability in /goform/formSetPassword allows unauthenticated local network attackers to set the admin password via a crafted HTTP POST, enabling exploitation for privilege escalation (T1068).
NVD Description
A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysis
CVE-2025-2549 is a problematic vulnerability affecting D-Link DIR-618 and DIR-605L routers on firmware versions 2.02 and 3.02. The issue involves an unknown functionality in the /goform/formSetPassword file, where manipulation results in improper access controls (CWE-266, CWE-284). Published on 2025-03-20, it carries a CVSS v3.1 base score of 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) and impacts only products no longer supported by the maintainer.
Attackers positioned within the local network can exploit this vulnerability with low complexity, no required privileges, and no user interaction. Exploitation leads to improper access controls, with a low impact on integrity and no effect on confidentiality or availability.
Advisories note that the exploit has been publicly disclosed and may be used, with details available via VulDB entries (ctiid.300163, id.300163) and Notion pages specific to the DIR-605L and DIR-618. No patches are available due to end-of-support status for the affected products.
Details
- CWE(s)