CVE-2025-8949
Published: 14 August 2025
Summary
CVE-2025-8949 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DIR-825 firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A stack-based buffer overflow vulnerability exists in the D-Link DIR-825 firmware version 2.10 within the get_ping_app_stat function of ping_response.cgi in the httpd component. The flaw is triggered by unsanitized input to the ping_ipaddr argument and is tracked under CWE-119 and CWE-121. The affected device is an end-of-life model no longer supported by the vendor.
An authenticated remote attacker can supply a crafted ping_ipaddr value over the network to overflow the stack buffer, leading to arbitrary code execution with high impact on confidentiality, integrity, and availability. Public exploit code has already been released, although the CVSS vector requires high privileges and the current EPSS score remains low at 0.0225 with no upward movement since disclosure.
Vendor references confirm the product is unsupported, implying no official patches will be issued; users are therefore advised to retire the device or apply network-level controls to restrict access to the management interface.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24673
Vulnerability details
A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Stack buffer overflow in router web CGI (ping_response.cgi) directly enables remote code execution against a public-facing network device application.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces validation of the ping_ipaddr argument before it reaches get_ping_app_stat, blocking the stack overflow at its source.
Applies memory-protection mechanisms that can detect or block stack-based overflows in the httpd process before code execution occurs.
Mandates replacement or additional mitigations for the explicitly unsupported DIR-825 firmware that receives no patches for this flaw.
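The input-validation control described above can be sketched as follows. This is an added example, not D-Link's code and not part of the original page; it shows the pattern for a CGI handler that takes a ping target. The names validate_ping_ipaddr and PING_ADDR_MAX are hypothetical, and the bound is an assumption because the page does not give the firmware's buffer size.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Assumed bound: the page does not give the firmware's buffer size. */
#define PING_ADDR_MAX INET6_ADDRSTRLEN /* 46 bytes including the NUL */

/* Hypothetical helper. Returns 0 and writes the canonical address text to
 * out; returns -1 with out set to "" for missing, oversized or non-literal
 * input. out_len must be at least PING_ADDR_MAX. */
int validate_ping_ipaddr(const char *param, char *out, size_t out_len)
{
    unsigned char bin[sizeof(struct in6_addr)];
    size_t n;
    int family;

    if (out == NULL || out_len < PING_ADDR_MAX)
        return -1;
    out[0] = '\0';
    if (param == NULL)
        return -1;
    /* Length gate first: scan at most PING_ADDR_MAX bytes, copy nothing yet. */
    for (n = 0; n < PING_ADDR_MAX && param[n] != '\0'; n++)
        ;
    if (n == 0 || n == PING_ADDR_MAX)
        return -1;
    /* Strict parse: hostnames, separators and trailing bytes are rejected. */
    if (inet_pton(AF_INET, param, bin) == 1)
        family = AF_INET;
    else if (inet_pton(AF_INET6, param, bin) == 1)
        family = AF_INET6;
    else
        return -1;
    /* Emit text rebuilt from the parsed bytes, bounded by out_len. */
    if (inet_ntop(family, bin, out, (socklen_t)out_len) == NULL) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[PING_ADDR_MAX]; /* the input below is a constructed sample */
    printf("%d\n", validate_ping_ipaddr("10.0.0.1;x", out, sizeof out));
    return 0;
}
```

Only the re-serialised string in out is handed to later code, so the handler never copies request-supplied bytes of unchecked length into a stack buffer.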