CVE-2025-25742
Published: 12 February 2025
Summary
CVE-2025-25742 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Dlink Dir-853 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces bounds checking and input validation on parameters like AccountPassword to prevent stack-based buffer overflows in the SetSysEmailSettings module.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of stack-based buffer overflows leading to arbitrary code execution.
Requires timely identification, reporting, and patching of flaws like this buffer overflow via firmware updates for the D-Link DIR-853 router.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The unauthenticated remote stack-based buffer overflow in the public-facing SetSysEmailSettings module of the D-Link router directly enables arbitrary code execution via exploitation of a public-facing application.
NVD Description
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.
Deeper analysisAI
CVE-2025-25742 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-853 router running firmware version A1 FW1.20B07. The flaw resides in the SetSysEmailSettings module, where insufficient bounds checking on the AccountPassword parameter allows an attacker to overwrite the stack with malicious input. This issue is classified under CWE-787 (Out-of-bounds Write) and carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to high impacts on confidentiality, integrity, and availability.
The vulnerability can be exploited by any unauthenticated attacker with network access to the device, requiring low complexity and no user interaction (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation enables arbitrary code execution, potentially granting full remote control over the router, including data exfiltration, modification of configurations, or use as a pivot point in the network.
Mitigation details and additional technical analysis are provided in the advisory at https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-3-1812386a664480feaf1ceab444b132b3, published on 2025-02-12. Security practitioners should check for firmware updates from D-Link or apply network segmentation and access controls to exposed devices until patched.
Details
- CWE(s)