Cyber Resilience

CVE-2025-25893

High

Published: 18 February 2025

Published
18 February 2025
Modified
02 May 2025
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 11.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25893 is a high-severity OS Command Injection (CWE-78) vulnerability in Dlink Dsl-3782 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 11.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-25893 is an OS command injection vulnerability (CWE-78) affecting the D-Link DSL-3782 router running firmware version 1.01. The flaw exists in the handling of the inIP, insPort, inePort, exsPort, exePort, and protocol parameters, enabling attackers to execute arbitrary operating system commands through a specially crafted packet. Published on 2025-02-18, it carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

Exploitation requires an attacker to have adjacent network access (AV:A) and low privileges (PR:L), with low attack complexity and no user interaction needed. Successful exploitation allows arbitrary command execution on the underlying OS, potentially granting full control over the device, including data exfiltration, modification of configurations, or disruption of services.

Mitigation details and further technical analysis are documented in the referenced advisories, available at https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_2_en.pdf.

EU & UK References

Vulnerability details

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Why these techniques?

OS command injection (CWE-78) directly enables arbitrary command execution on the router firmware's underlying Unix-like OS via crafted parameters, mapping to shell and network device CLI interpreters.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25895Same product: Dlink Dsl-3782
CVE-2025-25894Same product: Dlink Dsl-3782
CVE-2026-2061Same vendor: Dlink
CVE-2026-2120Same vendor: Dlink
CVE-2025-9752Same vendor: Dlink
CVE-2025-2717Same vendor: Dlink
CVE-2026-2260Same vendor: Dlink
CVE-2026-4465Same vendor: Dlink
CVE-2026-2210Same vendor: Dlink
CVE-2026-8273Same vendor: Dlink

Affected Assets

dlink
dsl-3782 firmware
1.01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates vulnerable parameters like inIP, insPort, and protocol to block OS command injection in crafted packets.

prevent

Remediates the specific OS command injection flaw through timely firmware patching for the D-Link DSL-3782.

prevent

Limits adjacent network access (AV:A) required for exploitation via boundary protection on router interfaces.

References