CVE-2025-60344
Published: 21 October 2025
Summary
CVE-2025-60344 is a high-severity Path Traversal: '../filedir' (CWE-24) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly addresses the root cause by requiring validation and sanitization of user-supplied input parameters to prevent path traversal sequences like '../' from resolving unauthorized file paths.
AC-3 enforces logical access controls to block unauthorized reading of sensitive files outside the intended directory despite malformed path inputs.
SI-2 mandates identification, reporting, and correction of flaws like this path traversal vulnerability through timely patching of affected router firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public-facing router web interface enables exploitation (T1190) and arbitrary file reads exposing network device configs (T1602.002) and credentials in files (T1552.001).
NVD Description
A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as “../”). Successful exploitation may allow access to files outside…
more
of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.
Deeper analysisAI
CVE-2025-60344 is a path traversal vulnerability affecting D-Link DSR series routers, specifically the models DSR-150, DSR-150N, and DSR-250N running firmware version 1.09B32_WW. The flaw stems from insufficient validation or sanitization of user-supplied input parameters used for file or directory path resolution, enabling attackers to employ sequences like "../" to access files outside the intended directory. This could expose sensitive system or configuration files, as classified under CWE-24 (Path Traversal) and CWE-200 (Exposure of Sensitive Information). The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high severity due to network accessibility and confidentiality impact.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By manipulating input parameters in relevant endpoints, attackers can traverse directories and read arbitrary files, potentially retrieving configuration data, credentials, or system information that could facilitate further compromise of the router or connected networks. The changed scope (S:C) reflects the potential for broader impact beyond the vulnerable component.
Details on the vulnerability, including proof-of-concept exploits, are available in GitHub repositories published by researcher fyoozr at https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/ and https://github.com/fyoozr/vulnerability-research/tree/main/CVE-2025-60344. No official advisories or patches from D-Link are referenced in the available information.
Details
- CWE(s)