Cyber Posture

CVE-2025-25893

High

Published: 18 February 2025

Published
18 February 2025
Modified
02 May 2025
KEV Added
Patch
CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 10.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25893 is a high-severity OS Command Injection (CWE-78) vulnerability in Dlink Dsl-3782 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 10.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly validates vulnerable parameters like inIP, insPort, and protocol to block OS command injection in crafted packets.

SI-2 Flaw Remediation good match
prevent

Remediates the specific OS command injection flaw through timely firmware patching for the D-Link DSL-3782.

SC-7 Boundary Protection partial match
prevent

Limits adjacent network access (AV:A) required for exploitation via boundary protection on router interfaces.

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
attack.mitre.org →
Why these techniques?

OS command injection (CWE-78) directly enables arbitrary command execution on the router firmware's underlying Unix-like OS via crafted parameters, mapping to shell and network device CLI interpreters.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.

Deeper analysisAI

CVE-2025-25893 is an OS command injection vulnerability (CWE-78) affecting the D-Link DSL-3782 router running firmware version 1.01. The flaw exists in the handling of the inIP, insPort, inePort, exsPort, exePort, and protocol parameters, enabling attackers to execute arbitrary operating system commands through a specially crafted packet. Published on 2025-02-18, it carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

Exploitation requires an attacker to have adjacent network access (AV:A) and low privileges (PR:L), with low attack complexity and no user interaction needed. Successful exploitation allows arbitrary command execution on the underlying OS, potentially granting full control over the device, including data exfiltration, modification of configurations, or disruption of services.

Mitigation details and further technical analysis are documented in the referenced advisories, available at https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_2_en.pdf.

Details

CWE(s)
CWE-78

Affected Products

dlink
dsl-3782 firmware
1.01

CVEs Like This One

CVE-2025-25894Same product: Dlink Dsl-3782
CVE-2025-25895Same product: Dlink Dsl-3782
CVE-2026-2061Same vendor: Dlink
CVE-2025-2717Same vendor: Dlink
CVE-2026-2120Same vendor: Dlink
CVE-2025-9752Same vendor: Dlink
CVE-2026-1506Same vendor: Dlink
CVE-2026-2175Same vendor: Dlink
CVE-2026-2210Same vendor: Dlink
CVE-2026-2260Same vendor: Dlink

References