CVE-2025-8159
Published: 25 July 2025
Summary
CVE-2025-8159 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability rated critical exists in the D-Link DIR-513 1.0 router. It resides in the formLanguageChange function of the /goform/formLanguageChange component within the HTTP POST Request Handler. Manipulation of the curTime argument triggers a stack-based buffer overflow, tracked under CWE-119, CWE-121, and CWE-787. The flaw affects an end-of-life device no longer supported by the vendor.
An authenticated remote attacker can send a crafted HTTP POST request to trigger the overflow. Successful exploitation grants full control over the device, allowing arbitrary code execution with impacts to confidentiality, integrity, and availability. The CVSS 4.0 vector reflects network access, low attack complexity, and no required user interaction.
Public exploit code has been disclosed via GitHub and vulnerability databases, though the EPSS score remains flat at 0.0159 with no observed rise after publication. No patches are available because the product is unsupported; the vendor site provides no mitigation guidance for this legacy hardware.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22707
Vulnerability details
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based…
more
buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's HTTP POST handler (formLanguageChange) directly enables remote code execution against a public-facing web application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires organizations to identify, mitigate risks, and apply controls to unsupported end-of-life components like the unpatched D-Link DIR-513 router.
Mandates risk-based remediation of documented flaws such as this critical stack-based buffer overflow, including isolation or decommissioning absent patches.
Requires validation of inputs like the curTime argument in HTTP POST requests to block manipulation leading to stack-based buffer overflows.