CVE-2025-7908
Published: 20 July 2025
Summary
CVE-2025-7908 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 Flaw Remediation directly addresses the critical stack-based buffer overflow in D-Link DI-8100's jhttpd by requiring identification, reporting, and correction of this specific flaw via patches or mitigations.
SI-10 Information Input Validation prevents the remote exploitation by enforcing validation of the manipulated 'mx' argument in /ddns.asp?opt=add before processing with sprintf.
SI-16 Memory Protection mitigates stack-based buffer overflow exploitation through safeguards like stack canaries, ASLR, and non-executable memory, reducing the impact of the CVE even if triggered.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing jhttpd web component (/ddns.asp) directly enables remote code execution against a network-accessible application.
NVD Description
A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer…
more
overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7908 is a critical stack-based buffer overflow vulnerability affecting D-Link DI-8100 version 1.0. The issue resides in the sprintf function of the /ddns.asp?opt=add file within the jhttpd component. It is triggered by manipulation of the mx argument and has been assigned CWE-119 and CWE-121.
The vulnerability enables remote exploitation over the network (AV:N) with low privileges required (PR:L) and no user interaction (UI:N). Attackers can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), resulting in a CVSS v3.1 base score of 8.8. An exploit has been publicly disclosed and may be used by attackers.
Advisories and details are available via VulDB entries and a GitHub repository containing exploit information, with the vendor site at dlink.com potentially providing further guidance. No specific patch details are outlined in the core disclosure.
The public availability of the exploit elevates the risk for exposed D-Link DI-8100 devices.
Details
- CWE(s)