CVE-2025-8949
Published: 14 August 2025
Summary
CVE-2025-8949 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.
Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.
Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in router web CGI (ping_response.cgi) directly enables remote code execution against a public-facing network device application.
NVD Description
A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched…
more
remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-8949 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-825 router running firmware version 2.10. The flaw resides in the get_ping_app_stat function of the ping_response.cgi file within the httpd component, triggered by manipulation of the ping_ipaddr argument. Published on 2025-08-14, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS 3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by an attacker possessing high privileges (PR:H) on the target device. By sending a specially crafted request to ping_response.cgi, the attacker can overflow the stack, potentially achieving high impacts on confidentiality, integrity, and availability, including arbitrary code execution or denial of service.
This issue only affects products no longer supported by the maintainer, with no patches available. An exploit has been publicly disclosed, as detailed in advisories from VulDB (ctiid.319915, id.319915, submit.627640) and a GitHub issue (i-Corner/cve#16); the D-Link website provides general product information but no specific mitigation guidance.
Details
- CWE(s)