CVE-2025-7909
Published: 20 July 2025
Summary
CVE-2025-7909 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses use of end-of-life unsupported devices like the D-Link DIR-513 by requiring disablement or removal to eliminate unpatched buffer overflow risks.
Provides memory protections like stack canaries and non-executable memory to block exploitation of stack-based buffer overflows even if triggered.
Enforces input validation for parameters like curTime to prevent buffer overflows from unsanitized data passed to unsafe functions such as sprintf.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing Boa webserver form allows remote authenticated RCE on network device.
NVD Description
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based…
more
buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-7909 is a critical stack-based buffer overflow vulnerability (CVSS 3.1 score of 8.8) affecting the D-Link DIR-513 router on firmware version 1.0. The flaw exists in the sprintf function within the /goform/formLanSetupRouterSettings file of the Boa Webserver component, where manipulation of the curTime argument triggers the overflow. It is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability enables remote exploitation by authenticated users with low privileges (PR:L), requiring low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution on the device.
Advisories from VulDB (ctiid.317024, id.317024) and a GitHub repository detail the issue and provide a publicly disclosed exploit. The D-Link website is referenced, but the vulnerability only affects products no longer supported by the maintainer, with no patches available. Mitigation requires isolating or decommissioning affected devices.
Details
- CWE(s)