CVE-2025-7909
Published: 20 July 2025
Summary
CVE-2025-7909 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability rated critical was identified in the D-Link DIR-513 1.0 router. It resides in the sprintf function of the /goform/formLanSetupRouterSettings endpoint within the Boa Webserver component, where manipulation of the curTime argument produces a stack-based buffer overflow. The flaw is tracked as CVE-2025-7909 with CVSS 7.4 and is associated with CWE-119 and CWE-121; it affects only an end-of-life product no longer supported by the vendor.
An authenticated remote attacker can send a crafted HTTP request that overflows the stack buffer, enabling arbitrary code execution or a crash of the web server process. Public exploit code has been released, and the attack requires no user interaction beyond network reachability to the management interface.
The EPSS score has remained flat at 0.0198 with no material rise after disclosure. Available references include a detailed proof-of-concept on GitHub, entries in the VulDB database, and the vendor homepage confirming the unsupported status of the DIR-513.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22042
Vulnerability details
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based…
more
buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing Boa webserver form allows remote authenticated RCE on network device.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses use of end-of-life unsupported devices like the D-Link DIR-513 by requiring disablement or removal to eliminate unpatched buffer overflow risks.
Provides memory protections like stack canaries and non-executable memory to block exploitation of stack-based buffer overflows even if triggered.
Enforces input validation for parameters like curTime to prevent buffer overflows from unsanitized data passed to unsafe functions such as sprintf.