CVE-2025-7932
Published: 21 July 2025
Summary
CVE-2025-7932 is a low-severity Injection (CWE-74) vulnerability in D-Link DIR-817L firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A critical command injection vulnerability has been identified in the D-Link DIR-817L router running firmware up to version 1.04B01. The flaw resides in the lxmldbc_system function of the ssdpcgi component and stems from improper handling of input that allows arbitrary command execution, corresponding to CWE-74 and CWE-77. The issue is remotely triggerable and carries a CVSS 4.0 score of 2.1 reflecting limited impacts under low-privileged access.
An authenticated remote attacker can supply crafted input to the affected function and execute operating-system commands on the device. Successful exploitation yields limited effects on confidentiality, integrity, and availability without requiring user interaction. A public exploit has already been released, enabling straightforward reproduction by anyone with network access to the device.
No vendor advisory or patch information is provided in the available references, which include only a disclosure write-up, VulDB entries, and the vendor homepage. The EPSS score remains flat at 0.0225 with no observed increase after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22123
Vulnerability details
A vulnerability classified as critical has been found in D-Link DIR-817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the SSDP CGI (ssdpcgi.lxmldbc_system) enables exploitation of a public-facing application (T1190) for remote Unix shell command execution (T1059.004) via indirect command execution (T1202).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly blocks the input manipulation of lxmldbc_system that produces command injection.
Requires timely patching or removal of the publicly disclosed flaw in ssdpcgi before exploitation.
Disables or restricts the unnecessary SSDP/SSDPCGI service that contains the injectable function.