CVE-2025-50645
Published: 08 April 2026
Summary
CVE-2025-50645 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Di-8003 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-50645 by identifying and applying vendor firmware patches that remediate the buffer overflow in the pppoe_list_opt.asp endpoint.
Implements input validation mechanisms at the web endpoint to reject excessively large 's' parameter values, preventing the buffer overflow condition.
Provides denial-of-service protections that limit the impact of availability disruptions caused by exploitation of the buffer overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing web endpoint (pppoe_list_opt.asp) directly enables unauthenticated remote exploitation of the application for DoS via crafted HTTP requests.
NVD Description
A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter,…
more
an attacker can trigger a buffer overflow condition.
Deeper analysisAI
CVE-2025-50645 is a buffer overflow vulnerability (CWE-120) affecting the D-Link DI-8003 device running firmware version 16.07.26A1. The issue arises in the pppoe_list_opt.asp web endpoint, where manipulating the 's' parameter with an excessively large value in a crafted HTTP request triggers a buffer overflow condition. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for availability disruption.
Any unauthenticated attacker with network access to the affected device can exploit this vulnerability by sending a specially crafted request to the vulnerable endpoint. Successful exploitation leads to a denial-of-service condition through application crash or instability, with no reported impact on confidentiality or integrity.
D-Link has issued security advisories addressing this issue, including support announcement SAP10505 and updates via their security bulletin page. Additional details are available in the vendor's publications and community collections such as the IoT vulnerability repository on GitHub. Practitioners should consult these references for patch availability and mitigation guidance.
Details
- CWE(s)