CVE-2025-25746
Published: 12 February 2025
Summary
CVE-2025-25746 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Dlink Dir-853 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
D-Link DIR-853 A1 firmware version FW1.20B07 contains a stack-based buffer overflow in the SetWanSettings module that is triggered through the Password parameter. The flaw is tracked as CVE-2025-25746, carries a CVSS 3.1 score of 9.8, and is classified under CWE-787.
An unauthenticated attacker with network access can supply a crafted Password value to the affected module, resulting in arbitrary code execution, information disclosure, or denial of service on the device. The attack requires no user interaction and can be performed remotely with low complexity.
The single available reference is a Notion page that does not describe vendor patches or mitigation steps. The associated EPSS score remains low, with a current value of 0.0134 and a peak of 0.0158.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4135
Vulnerability details
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote unauthenticated stack-based buffer overflow in the SetWanSettings module of the public-facing D-Link DIR-853 router management interface directly enables T1190: Exploit Public-Facing Application, leading to arbitrary code execution or DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces bounds checking and validation on the Password parameter input to the SetWanSettings module, preventing stack-based buffer overflows.
Implements memory protections such as stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow vulnerability.
Requires timely identification, reporting, and patching of the buffer overflow flaw in the D-Link DIR-853 firmware to remediate the vulnerability.