Cyber Resilience

CVE-2025-8159

High

Published: 25 July 2025

Published
25 July 2025
Modified
16 September 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0159 82.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8159 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

A vulnerability rated critical exists in the D-Link DIR-513 1.0 router. It resides in the formLanguageChange function of the /goform/formLanguageChange component within the HTTP POST Request Handler. Manipulation of the curTime argument triggers a stack-based buffer overflow, tracked under CWE-119, CWE-121, and CWE-787. The flaw affects an end-of-life device no longer supported by the vendor.

An authenticated remote attacker can send a crafted HTTP POST request to trigger the overflow. Successful exploitation grants full control over the device, allowing arbitrary code execution with impacts to confidentiality, integrity, and availability. The CVSS 4.0 vector reflects network access, low attack complexity, and no required user interaction.

Public exploit code has been disclosed via GitHub and vulnerability databases, though the EPSS score remains flat at 0.0159 with no observed rise after publication. No patches are available because the product is unsupported; the vendor site provides no mitigation guidance for this legacy hardware.

EU & UK References

Vulnerability details

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based…

more

buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the router's HTTP POST handler (formLanguageChange) directly enables remote code execution against a public-facing web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-8184Same product: Dlink Dir-513
CVE-2025-7909Same product: Dlink Dir-513
CVE-2025-70245Same product: Dlink Dir-513
CVE-2025-70237Same product: Dlink Dir-513
CVE-2025-7910Same product: Dlink Dir-513
CVE-2025-70239Same product: Dlink Dir-513
CVE-2025-70241Same product: Dlink Dir-513
CVE-2026-3978Same product: Dlink Dir-513
CVE-2025-70234Same product: Dlink Dir-513
CVE-2025-70240Same product: Dlink Dir-513

Affected Assets

dlink
dir-513 firmware
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires organizations to identify, mitigate risks, and apply controls to unsupported end-of-life components like the unpatched D-Link DIR-513 router.

prevent

Mandates risk-based remediation of documented flaws such as this critical stack-based buffer overflow, including isolation or decommissioning absent patches.

prevent

Requires validation of inputs like the curTime argument in HTTP POST requests to block manipulation leading to stack-based buffer overflows.

References