CVE-2025-55583
Published: 28 August 2025
Summary
CVE-2025-55583 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-868L firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 18.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
D-Link DIR-868L B1 routers running firmware version FW2.05WWB02 are affected by an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The /dws/api/UploadFile endpoint accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without input sanitization or authentication checks, as indicated by the associated CWEs for OS command injection, missing authentication, and exposure of sensitive resources.
Remote attackers can exploit the flaw over the network by sending crafted HTTP requests to the endpoint, achieving arbitrary command execution with root privileges and full impact on confidentiality, integrity, and availability according to the CVSS 9.8 rating.
D-Link has issued a security publication SAP10397 along with related advisories and bulletins that address the vulnerability in the affected router firmware. The EPSS score remains low with only minimal movement between its current value of 0.0146 and recorded peak of 0.0150.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26076
Vulnerability details
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Unauthenticated command injection in public web endpoint directly enables RCE via Unix shell on network device.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the vulnerability by requiring timely application of the D-Link firmware patch from security advisory SAP10397 to remediate the command injection flaw.
Requires validation and sanitization of the pre_api_arg parameter to block OS command injection in the fileaccess.cgi component.
Enforces authentication and access controls on the /dws/api/UploadFile endpoint to prevent unauthenticated remote exploitation.
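The input-validation control above can also be applied as a detection check on an upstream proxy or firewall log. The following is an added example, not code from D-Link or from this page's sources; it assumes common-log-format lines, that pre_api_arg appears in the query string, and that a legitimate value is a short alphanumeric token. The sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/dws/api/UploadFile"   # endpoint named on this page
PARAM = "pre_api_arg"              # parameter named on this page

# Assumption: a legitimate value is a short token of letters, digits, '_', '.', '-'.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,64}")
# Assumption: common-log-format lines; only source address and request target are used.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def is_safe(value):
    """Allow-list check: the whole value must match, so any space, quote,
    separator or substitution character fails it."""
    return SAFE_VALUE.fullmatch(value) is not None

def suspicious_requests(log_lines):
    """Return (source, decoded value) for each request to ENDPOINT whose
    PARAM value fails the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded metacharacters are checked too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not is_safe(value):
                hits.append((m.group("src"), value))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Aug/2025:10:00:00 +0000] "GET /dws/api/UploadFile?pre_api_arg=upload1 HTTP/1.1" 200 12',
    '198.51.100.7 - - [28/Aug/2025:10:00:05 +0000] "GET /dws/api/UploadFile?pre_api_arg=a%3Bb HTTP/1.1" 200 0',
    '198.51.100.7 - - [28/Aug/2025:10:00:09 +0000] "POST /dws/api/UploadFile?pre_api_arg=%24%28x%29 HTTP/1.1" 200 0',
    '192.0.2.10 - - [28/Aug/2025:10:00:12 +0000] "GET /index.html?pre_api_arg=a%3Bb HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE_LOG):
        print(f"review: {src} sent {PARAM}={value!r} to {ENDPOINT}")
```

Because the endpoint performs no authentication, any request to it from an untrusted network is worth reviewing even when the parameter value passes the allow-list.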