Cyber Posture

CVE-2025-25746

Critical · Public PoC

Published: 12 February 2025

Modified: 18 March 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0109 (78.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25746 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Dlink Dir-853 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 22.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly enforces bounds checking and validation on the Password parameter input to the SetWanSettings module, preventing stack-based buffer overflows.

prevent

Implements memory protections such as stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow vulnerability.

prevent, recover

Requires timely identification, reporting, and patching of the buffer overflow flaw in the D-Link DIR-853 firmware to remediate the vulnerability.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The remote unauthenticated stack-based buffer overflow in the SetWanSettings module of the public-facing D-Link DIR-853 router management interface directly enables T1190: Exploit Public-Facing Application, leading to arbitrary code execution or DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.

Deeper analysis [AI]

CVE-2025-25746 is a stack-based buffer overflow vulnerability (CWE-787) affecting the D-Link DIR-853 router with firmware version A1 FW1.20B07. The flaw resides in the SetWanSettings module, where insufficient bounds checking on the Password parameter allows an attacker to overflow the stack by supplying overly long input. Published on 2025-02-12, it carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to network accessibility, low attack complexity, and lack of prerequisites.

The vulnerability enables remote exploitation over the network without authentication, privileges, or user interaction (AV:N/AC:L/PR:N/UI:N). Successful exploitation grants high-impact outcomes across confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U), potentially allowing arbitrary code execution, full device compromise, or denial of service on the affected router.

For mitigation details, refer to the advisory at https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-5-1812386a66448044b489f223b8c2e78a, which provides vulnerability analysis and likely patch or workaround guidance specific to the D-Link DIR-853.

Details

CWE(s)

Affected Products

Vendor: dlink
Product: dir-853 firmware
Version: 1.20b07

CVEs Like This One

CVE-2025-25742 (Same product: Dlink Dir-853)
CVE-2025-25744 (Same product: Dlink Dir-853)
CVE-2025-25745 (Same product: Dlink Dir-853)
CVE-2025-25743 (Same product: Dlink Dir-853)
CVE-2025-70239 (Same vendor: Dlink)
CVE-2025-70241 (Same vendor: Dlink)
CVE-2025-70234 (Same vendor: Dlink)
CVE-2025-70240 (Same vendor: Dlink)
CVE-2025-55611 (Same vendor: Dlink)
CVE-2025-55599 (Same vendor: Dlink)
