CVE-2025-29165
Published: 05 March 2026
Summary
CVE-2025-29165 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Dlink Dir-1253 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the privilege escalation vulnerability by requiring timely identification, reporting, and correction of flaws in the router firmware such as the etc/shadow.sample component.
Counters CWE-269 Improper Privilege Management by enforcing the principle of least privilege, preventing unauthorized escalation via the shadow.sample component.
Ensures secure configuration settings for system components like etc/shadow.sample, blocking remote unauthenticated access that enables privilege escalation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated privilege escalation (CWE-269) in public-facing router firmware directly enables T1068 (Exploitation for Privilege Escalation) and T1190 (Exploit Public-Facing Application).
NVD Description
An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component
Deeper analysisAI
CVE-2025-29165 is a privilege escalation vulnerability in the D-Link DIR-1253 MESH router running firmware version V1.6.1684. The flaw exists in the etc/shadow.sample component and is classified under CWE-269 (Improper Privilege Management). Published on 2026-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Exploitation enables privilege escalation, granting high-level access that compromises confidentiality, integrity, and availability of the affected device.
Advisories and reports detailing the issue, including potential mitigations, are available in the referenced sources: https://codeberg.org/zuhri/advisory/src/branch/main/CVE-2025-29165, https://github.com/twentysevns/Vuln-IoT-Reports/blob/main/DLINK/DIR-1253/README.md, https://www.dlink.com/en/security-bulletin/, and https://zuh.re/cve/2025-29165/. Security practitioners should consult these for firmware updates or workarounds from D-Link.
Details
- CWE(s)