Cyber Resilience

CVE-2025-6896

Severity: Low · Public PoC

Published: 30 June 2025

Modified: 29 April 2026
KEV Added: not listed
Patch: none referenced on this page
CVSS v4.0 score: 2.1 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0207 (84.3rd percentile)
Risk priority: 5 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-6896 is a low-severity command injection (CWE-77) vulnerability in D-Link DI-7300G+ firmware. Its CVSS base score is 2.1 (Low).

Operationally, it ranks in the top 15.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A critical vulnerability has been identified in the D-Link DI-7300G+ firmware version 19.12.25A1. The issue resides in an unknown function within the wget_test.asp file, where improper handling of the url argument enables OS command injection. The flaw is tracked under CWE-77 and CWE-78 and carries a CVSS 4.0 score of 2.1, reflecting a network attack vector, low attack complexity, and low required privileges.

An attacker with low privileges can exploit the vulnerability remotely by supplying a crafted url value to the affected endpoint. Successful exploitation grants the ability to execute arbitrary operating system commands, resulting in limited impacts to confidentiality, integrity, and availability on the device. The exploit code has already been made public.

The associated EPSS score remains flat at 0.0207, with no material increase observed after disclosure. Public references include a detailed proof-of-concept document and multiple VulDB entries, while the vendor site provides the primary point of contact for any subsequent firmware updates.

EU & UK References

Vulnerability details

A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to OS command injection. It is possible to launch the attack remotely.…

The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink
Product: di-7300g+ firmware
Version: 19.12.25a1

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.
- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.

References