CVE-2025-8169
Published: 25 July 2025
Summary
CVE-2025-8169 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 45.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by validating and sanitizing the curTime argument in HTTP POST requests to the vulnerable endpoint.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of the buffer overflow vulnerability.
Prohibits the use of unsupported end-of-life devices like the D-Link DIR-513, eliminating exposure to unpatched buffer overflow vulnerabilities.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote buffer overflow in router web interface enables exploitation for privilege escalation to shell access (T1068), initial access via public-facing application (T1190), and denial-of-service via application crash (T1499.004).
NVD Description
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is…
more
possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-8169 is a critical buffer overflow vulnerability in D-Link DIR-513 router firmware version 1.10. It affects the formSetWanPPTPcallback function in the /goform/formSetWanPPTPpath file of the HTTP POST Request Handler component, triggered by manipulation of the curTime argument. The vulnerability is associated with CWE-119, CWE-120, and CWE-787, and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service, potentially allowing full device compromise via the buffer overflow.
References, including a GitHub repository detailing the exploit and VulDB advisories, confirm the exploit has been publicly disclosed. The vulnerability only affects products no longer supported by the maintainer, with no patches available; mitigation relies on network isolation, replacement of affected devices, or disabling the vulnerable HTTP POST endpoint where feasible. The D-Link website provides general product information but no specific advisory.
Details
- CWE(s)