CVE-2025-29039
Published: 17 April 2025
Summary
CVE-2025-29039 is a high-severity Code Injection (CWE-94) vulnerability in D-Link DIR-823X firmware. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 16.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2025-29039 is a command-injection vulnerability (CWE-94) in the D-Link DIR-832x router running firmware version 240802. The flaw resides in the function at address 0x41dda8 and permits an authenticated remote attacker to supply crafted input that results in arbitrary code execution on the device.
An attacker with administrative credentials can reach the affected function over the network and inject operating-system commands. Successful exploitation grants full control of the router, enabling modification of configuration, interception of traffic, or use of the device as a pivot point inside the target network. The CVSS 7.2 score reflects the combination of network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability.
D-Link has published a security bulletin addressing the issue, and public proof-of-concept material demonstrates command injection through the set_ntp year parameter. The associated EPSS score rose from a low baseline to a peak of 0.0304, indicating measurable post-disclosure interest in exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-11558
Vulnerability details
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.
- Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.
- Validates inputs used in dynamic code generation to block injected directives.
- Directly prevents execution of attacker-supplied code written into data memory regions.