CVE-2025-8730

High

Published: 08 August 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS v4 Score: 8.9
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.4511 (97.7th percentile)
Risk Priority: 45 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-8730 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE ranks in the top 2.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-8730 affects the web interface component of Belkin F9K1009 and F9K1010 routers running firmware versions 2.00.04 and 2.00.09. The issue stems from hard-coded credentials, assigned CWE-259 and CWE-798, and carries a CVSS 4.0 score of 8.9 reflecting network-accessible attack conditions with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the embedded credentials to obtain administrative access to the device. Public proof-of-concept material has been released detailing the flaw for both models, enabling potential full device compromise without requiring user interaction or elevated privileges.

The vendor was notified prior to disclosure but provided no response or patch. Available references consist of technical write-ups on VulDB and GitHub repositories containing exploit details, with no mitigation steps or firmware updates referenced.

The associated EPSS score remains flat at 0.4511 with no material rise observed after publication.

Vulnerability details

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1078 · Valid Accounts · Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001 · Credentials In Files · Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Hard-coded credentials in the public web interface directly enable the use of valid accounts (T1078) for remote exploitation of a public-facing application (T1190), and they represent unsecured credentials stored in firmware files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7579 · Shared CWE-259, CWE-798
CVE-2026-6574 · Shared CWE-259, CWE-798
CVE-2025-11126 · Shared CWE-259, CWE-798
CVE-2025-8974 · Shared CWE-259, CWE-798
CVE-2026-9139 · Shared CWE-798
CVE-2026-8032 · Shared CWE-259, CWE-798
CVE-2026-4475 · Shared CWE-259, CWE-798
CVE-2026-2616 · Shared CWE-259, CWE-798
CVE-2024-50688 · Shared CWE-798
CVE-2025-1393 · Shared CWE-798

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses hard-coded credentials by requiring management of authenticators, including changing defaults prior to use and ensuring sufficient strength to prevent unauthorized remote access.

prevent · recover

Mandates identification, reporting, and correction of critical flaws like hard-coded credentials in router firmware, enabling mitigation through isolation, replacement, or workarounds absent vendor patches.

prevent

Monitors and controls network communications to the router's web interface, blocking remote unauthenticated attackers from exploiting the hard-coded credentials.

References