Cyber Resilience

CVE-2025-7945

High

Published: 22 July 2025

Published
22 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0118 79.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7945 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

A buffer overflow vulnerability exists in the D-Link DIR-513 router firmware up to version 20190831. The flaw resides in the formSetWanDhcpplus function within the /goform/formSetWanDhcpplus endpoint, where improper handling of the curTime argument allows an attacker to overwrite memory. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 8.7.

An authenticated remote attacker can send a crafted HTTP request to the affected endpoint, triggering the overflow to achieve arbitrary code execution or a denial of service on the device. Because the router is no longer supported by D-Link, no official patches are available.

Public references include a detailed technical write-up and proof-of-concept on GitHub along with entries in the VulDB database. The EPSS score remains low and unchanged at 0.0118, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be…

more

initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in exposed web form (formSetWanDhcpplus) on network device directly enables remote exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11296Shared CWE-119, CWE-120
CVE-2025-10942Shared CWE-119, CWE-120
CVE-2026-8775Shared CWE-119, CWE-120
CVE-2026-1328Shared CWE-119, CWE-120
CVE-2026-3701Shared CWE-119, CWE-120
CVE-2025-15459Shared CWE-119, CWE-120
CVE-2025-11356Shared CWE-119, CWE-120
CVE-2026-8260Shared CWE-119, CWE-120
CVE-2026-2202Shared CWE-119, CWE-120
CVE-2025-12232Shared CWE-119, CWE-120

Affected Assets

Dlink
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates the curTime input argument to prevent buffer overflow exploitation in the formSetWanDhcpplus function.

prevent

Implements memory protection mechanisms such as non-executable stacks and address space randomization to mitigate buffer overflow exploits.

prevent

Prohibits use of unsupported end-of-life products like the D-Link DIR-513, eliminating exposure to unpatchable vulnerabilities like this buffer overflow.

References