CVE-2025-8159
Published: 25 July 2025
Summary
CVE-2025-8159 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires organizations to identify, mitigate risks, and apply controls to unsupported end-of-life components like the unpatched D-Link DIR-513 router.
Mandates risk-based remediation of documented flaws such as this critical stack-based buffer overflow, including isolation or decommissioning absent patches.
Requires validation of inputs like the curTime argument in HTTP POST requests to block manipulation leading to stack-based buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's HTTP POST handler (formLanguageChange) directly enables remote code execution against a public-facing web application.
NVD Description
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based…
more
buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-8159 is a critical stack-based buffer overflow vulnerability, assigned a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), affecting D-Link DIR-513 routers running version 1.0. The flaw exists in the formLanguageChange function within the /goform/formLanguageChange file of the HTTP POST Request Handler component. It is triggered by manipulating the curTime argument in a crafted request, as associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).
The vulnerability is remotely exploitable over the network by an attacker with low privileges, requiring no user interaction. Exploitation can result in high impacts to confidentiality, integrity, and availability. A public exploit has been disclosed, increasing the risk for affected systems.
This issue only impacts D-Link DIR-513 products that are no longer supported by the manufacturer, with no patches available. Advisories from VulDB detail the vulnerability and submission history, while a GitHub repository provides exploit specifics. The D-Link website offers general product information but no specific mitigation guidance. Security practitioners should decommission or isolate these end-of-life devices to prevent exploitation.
Details
- CWE(s)