Cyber Resilience

CVE-2025-25530

Critical

Published: 11 February 2025

Modified: 15 April 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0024 (47.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25530 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-25530 is a buffer overflow vulnerability (CWE-120) in Digital China DCBI-Netlog-LAB Gateway version 1.0. The flaw stems from a lack of length verification when saving parental control configuration information, resulting in a critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Published on 2025-02-11, it affects the gateway device's handling of configuration data.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction. Successful exploitation can crash the target device (denial of service) or execute arbitrary commands, with high impact on confidentiality, integrity, and availability.

Mitigation guidance and additional details are available in the referenced advisory at https://gist.github.com/XiaoCurry/570a765f6812b8c53d35f623ee701b19.

Vulnerability details

Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Remote unauthenticated buffer overflow in gateway config handling enables exploitation of public-facing applications for initial access (T1190) and arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47854 (shared CWE-120)
CVE-2024-39803 (shared CWE-120)
CVE-2024-37184 (shared CWE-120)
CVE-2025-66647 (shared CWE-120)
CVE-2024-39750 (shared CWE-120)
CVE-2025-52909 (shared CWE-120)
CVE-2025-50398 (shared CWE-120)
CVE-2025-25674 (shared CWE-120)
CVE-2022-50922 (shared CWE-120)
CVE-2024-57471 (shared CWE-120)

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly addresses the lack of length verification on parental control configuration inputs, preventing buffer overflow exploitation.

Prevent: Provides memory protection mechanisms such as address space layout randomization and non-executable stacks to block arbitrary code execution from buffer overflows.

Prevent: Mandates timely flaw remediation through patching the specific buffer overflow vulnerability in the gateway software.
