CVE-2025-8730
Published: 08 August 2025
Summary
CVE-2025-8730 is a critical-severity Use of Hard-coded Password (CWE-259) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE ranks in the top 3.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses hard-coded credentials by requiring management of authenticators, including changing defaults prior to use and ensuring sufficient strength to prevent unauthorized remote access.
Mandates identification, reporting, and correction of critical flaws like hard-coded credentials in router firmware, enabling mitigation through isolation, replacement, or workarounds absent vendor patches.
Monitors and controls network communications to the router's web interface, blocking remote unauthenticated attackers from exploiting the hard-coded credentials.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hard-coded credentials in a public web interface directly enable the use of valid accounts (T1078) for remote exploitation of a public-facing application (T1190), and they represent unsecured credentials stored in firmware files (T1552.001).
NVD Description
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-8730 is a critical vulnerability affecting the Web Interface component of Belkin F9K1009 and F9K1010 routers running firmware versions 2.00.04 and 2.00.09. The issue stems from hard-coded credentials, classified under CWE-259 (Use of Hard-coded Password) and CWE-798 (Use of Hard-coded Credentials). It has a CVSS v3.1 base score of 9.8, reflecting network accessibility, low attack complexity, no required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.
The vulnerability can be exploited remotely by any unauthenticated attacker with network access to the affected device. By leveraging the disclosed hard-coded credentials, an attacker gains unauthorized access to the Web Interface, enabling potential full compromise of the router, including data exfiltration, configuration manipulation, or disruption of network services.
Advisories from VulDB and proof-of-concept documents on GitHub detail the hard-coded credentials and exploitation steps but note that the vendor was contacted early without any response or patch release. No official mitigations or firmware updates are available, leaving affected devices reliant on network segmentation, exposure minimization, or device replacement for risk reduction.
The exploit has been publicly disclosed via GitHub repositories containing PDF analyses of the firmware, increasing the likelihood of widespread abuse against unpatched Belkin routers.
Details
- CWE(s)