Cyber Resilience

CVE-2025-25746

Critical · Public PoC

Published: 12 February 2025

Modified: 18 March 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0134 (80.4th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25746 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in D-Link DIR-853 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

D-Link DIR-853 A1 firmware version FW1.20B07 contains a stack-based buffer overflow in the SetWanSettings module that is triggered through the Password parameter. The flaw is tracked as CVE-2025-25746, carries a CVSS 3.1 score of 9.8, and is classified under CWE-787.

An unauthenticated attacker with network access can supply a crafted Password value to the affected module, resulting in arbitrary code execution, information disclosure, or denial of service on the device. The attack requires no user interaction and can be performed remotely with low complexity.

The single available reference is a Notion page that does not describe vendor patches or mitigation steps. The associated EPSS score remains low, with a current value of 0.0134 and a peak of 0.0158.

Vulnerability details

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The remote unauthenticated stack-based buffer overflow in the SetWanSettings module of the public-facing D-Link DIR-853 router management interface directly enables T1190: Exploit Public-Facing Application, leading to arbitrary code execution or DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-25742 · Same product: D-Link DIR-853
CVE-2025-25744 · Same product: D-Link DIR-853
CVE-2025-25745 · Same product: D-Link DIR-853
CVE-2025-25743 · Same product: D-Link DIR-853
CVE-2025-70239 · Same vendor: D-Link
CVE-2025-55611 · Same vendor: D-Link
CVE-2025-70234 · Same vendor: D-Link
CVE-2025-70237 · Same vendor: D-Link
CVE-2025-70240 · Same vendor: D-Link
CVE-2025-70245 · Same vendor: D-Link

Affected Assets

Vendor: dlink · Product: dir-853 firmware · Version: 1.20b07

Mitigating Controls (NIST 800-53 r5) (AI)

[prevent] Directly enforces bounds checking and validation on the Password parameter input to the SetWanSettings module, preventing stack-based buffer overflows.

[prevent] Implements memory protections such as stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow vulnerability.

[prevent, recover] Requires timely identification, reporting, and patching of the buffer overflow flaw in the D-Link DIR-853 firmware to remediate the vulnerability.
