Cyber Resilience

CVE-2025-29042

Tags: Critical, Public PoC, RCE

Published: 17 April 2025
Modified: 25 April 2025
KEV Added: (no date recorded)
Patch: (not recorded)
CVSS Score (v3.1): 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0266 (86.1st percentile)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-29042 is a critical-severity OS command injection (CWE-78) vulnerability in D-Link DIR-823X firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 13.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2025-29042 is a command injection vulnerability (CWE-78) in D-Link DIR-832x router firmware version 240802. The flaw resides in the handling of the macaddr key value passed to the function at address 0x42232c, enabling unauthenticated remote code execution; the vulnerability carries a CVSS 3.1 score of 9.8.

Unauthenticated attackers with network access can supply a malicious macaddr parameter to trigger arbitrary command execution. Successful exploitation grants full control over the device, allowing impacts to confidentiality, integrity, and availability without requiring user interaction or credentials.

Public references include a D-Link security bulletin page along with GitHub repositories and a gist that demonstrate the set_prohibiting-macaddr command injection vector. The EPSS score rose from a low baseline to a peak of 0.0884 on 2026-05-26 before receding to the current value of 0.0266, indicating a period of increased exploitation interest following disclosure.

Vulnerability details

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c.

CWE(s): CWE-78 (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink
Product: dir-823x firmware
Version: 240802

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
