CVE-2025-29042
Published: 17 April 2025
Summary
CVE-2025-29042 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-823X firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 13.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2025-29042 is a command injection vulnerability (CWE-78) in the D-Link DIR-832x router firmware version 240802. The flaw resides in the handling of the macaddr key value passed to the function at address 0x42232c, enabling unauthenticated remote code execution with a CVSS 3.1 score of 9.8.
Unauthenticated attackers with network access can supply a malicious macaddr parameter to trigger arbitrary command execution. Successful exploitation grants full control over the device, allowing impacts to confidentiality, integrity, and availability without requiring user interaction or credentials.
Public references include a D-Link security bulletin page along with GitHub repositories and a gist that demonstrate the set_prohibiting-macaddr command injection vector. The EPSS score rose from a low baseline to a peak of 0.0884 on 2026-05-26 before receding to the current value of 0.0266, indicating a period of increased exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-11767
Vulnerability details
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.