CVE-2025-25530
Published: 11 February 2025
Summary
CVE-2025-25530 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-25530 is a buffer overflow vulnerability (CWE-120) in Digital China DCBI-Netlog-LAB Gateway version 1.0. The flaw stems from a lack of length verification when saving parental control configuration information, resulting in a critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Published on 2025-02-11, it affects the gateway device's handling of configuration data.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction. Successful exploitation enables denial-of-service by crashing the target device or executing arbitrary commands, granting high-impact confidentiality, integrity, and availability compromises.
Mitigation guidance and additional details are available in the referenced advisory at https://gist.github.com/XiaoCurry/570a765f6812b8c53d35f623ee701b19.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4128
Vulnerability details
Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or…
more
execute arbitrary commands.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated buffer overflow in gateway config handling enables exploitation of public-facing applications for initial access (T1190) and arbitrary command execution (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the lack of length verification on parental control configuration inputs, preventing buffer overflow exploitation.
Provides memory protection mechanisms such as address space layout randomization and non-executable stacks to block arbitrary code execution from buffer overflows.
Mandates timely flaw remediation through patching the specific buffer overflow vulnerability in the gateway software.