CVE-2025-7206
Published: 09 July 2025
Summary
CVE-2025-7206 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825 Firmware. Its CVSS base score is 8.9 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SA-22 (Unsupported System Components).
Deeper analysis
A critical stack-based buffer overflow vulnerability, tracked as CVE-2025-7206 and assigned CWE-119 and CWE-121, affects the D-Link DIR-825 router running firmware version 2.10. The issue resides in the sub_410DDC function of switch_language.cgi within the httpd component, where unsanitized input to the Language argument can corrupt the stack.
An unauthenticated attacker can trigger the flaw over the network without user interaction, achieving full compromise of confidentiality, integrity, and availability on the device. The CVSS 4.0 score of 8.9 reflects this remote attack surface, and a working exploit has already been published.
The affected product line is no longer supported by D-Link, so no official patches are expected; the vendor's site and public disclosures simply reiterate end-of-life status. The associated EPSS score remains flat at 0.0295 with no material increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20760
Vulnerability details
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The…
more
attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing router web CGI (httpd/switch_language.cgi) enables remote unauthenticated RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces boundary protections such as firewalls to block remote network access to the vulnerable httpd service on internet-exposed D-Link DIR-825 routers.
Restricts router functionality by prohibiting or disabling unnecessary exposure of the vulnerable web management interface (switch_language.cgi).
Prohibits or isolates the use of unsupported end-of-life components like the unpatchable D-Link DIR-825 firmware version 2.10.