Cyber Resilience

CVE-2025-29165

Critical

Published: 05 March 2026

Published
05 March 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0063 45.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-29165 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Dlink Dir-1253 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 45.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-29165 is a privilege escalation vulnerability in the D-Link DIR-1253 MESH router running firmware version V1.6.1684. The flaw exists in the etc/shadow.sample component and is classified under CWE-269 (Improper Privilege Management). Published on 2026-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Exploitation enables privilege escalation, granting high-level access that compromises confidentiality, integrity, and availability of the affected device.

Advisories and reports detailing the issue, including potential mitigations, are available in the referenced sources: https://codeberg.org/zuhri/advisory/src/branch/main/CVE-2025-29165, https://github.com/twentysevns/Vuln-IoT-Reports/blob/main/DLINK/DIR-1253/README.md, https://www.dlink.com/en/security-bulletin/, and https://zuh.re/cve/2025-29165/. Security practitioners should consult these for firmware updates or workarounds from D-Link.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated privilege escalation (CWE-269) in public-facing router firmware directly enables T1068 (Exploitation for Privilege Escalation) and T1190 (Exploit Public-Facing Application).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5984Same vendor: Dlink
CVE-2026-2962Same vendor: Dlink
CVE-2026-7288Same vendor: Dlink
CVE-2026-4555Same vendor: Dlink
CVE-2025-13547Same vendor: Dlink
CVE-2026-4213Same vendor: Dlink
CVE-2026-7855Same vendor: Dlink
CVE-2026-2925Same vendor: Dlink
CVE-2026-4486Same vendor: Dlink
CVE-2026-2854Same vendor: Dlink

Affected Assets

dlink
dir-1253 firmware
1.6.1684

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the privilege escalation vulnerability by requiring timely identification, reporting, and correction of flaws in the router firmware such as the etc/shadow.sample component.

prevent

Counters CWE-269 Improper Privilege Management by enforcing the principle of least privilege, preventing unauthorized escalation via the shadow.sample component.

prevent

Ensures secure configuration settings for system components like etc/shadow.sample, blocking remote unauthenticated access that enables privilege escalation.

References