CVE-2025-8730
Published: 08 August 2025
Summary
CVE-2025-8730 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability. Its CVSS base score is 8.9 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE ranks in the top 2.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2025-8730 affects the web interface component of Belkin F9K1009 and F9K1010 routers running firmware versions 2.00.04 and 2.00.09. The issue stems from hard-coded credentials, assigned CWE-259 and CWE-798, and carries a CVSS 4.0 score of 8.9 reflecting network-accessible attack conditions with high impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can exploit the embedded credentials to obtain administrative access to the device. Public proof-of-concept material has been released detailing the flaw for both models, enabling potential full device compromise without requiring user interaction or elevated privileges.
The vendor was notified prior to disclosure but provided no response or patch. Available references consist of technical write-ups on VulDB and GitHub repositories containing exploit details, with no mitigation steps or firmware updates referenced.
The associated EPSS score remains flat at 0.4511 with no material rise observed after publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23988
Vulnerability details
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hard-coded credentials in public web interface directly enable use of valid accounts (T1078) for remote exploitation of a public-facing application (T1190) and represent unsecured credentials stored in firmware files (T1552.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses hard-coded credentials by requiring management of authenticators, including changing defaults prior to use and ensuring sufficient strength to prevent unauthorized remote access.
Mandates identification, reporting, and correction of critical flaws like hard-coded credentials in router firmware, enabling mitigation through isolation, replacement, or workarounds absent vendor patches.
Monitors and controls network communications to the router's web interface, blocking remote unauthenticated attackers from exploiting the hard-coded credentials.