Cyber Posture

CVE-2025-22968

Severity: Critical · Public PoC available

Published: 15 January 2025
Modified: 21 May 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.4206 (97.5th percentile)
Risk Priority: 45 (weighted 60% EPSS, 20% KEV, 20% CVSS)


Security Summary

CVE-2025-22968 is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) published on 2025-01-15, affecting the D-Link DWR-M972V router running firmware version 1.05SSG. Classified under CWE-94 (code injection), the issue allows a remote attacker to execute arbitrary code via SSH by using the root account, which is accessible without any restrictions.

Any unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation provides root-level arbitrary code execution on the device, resulting in high-impact compromise of confidentiality, integrity, and availability.

Advisories and further details, including potential patches or mitigations, are referenced on D-Link's security bulletin page at https://www.dlink.com/en/security-bulletin/, along with GitHub repositories https://github.com/CRUNZEX/CVE-2025-22968 and https://github.com/CRUNZEX/CVE-DLINK-LTE containing exploit-related information.

Details

CWE(s): CWE-94

Affected Products: dlink dwr-m972v firmware 1.05ssg

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth): Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1059.008 Network Device CLI (Execution): Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

T1133 External Remote Services (Persistence): Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Why these techniques?

The vulnerability provides unauthenticated root access via SSH (and Telnet) on exposed WAN/LAN ports. This maps to default account abuse (T1078.001), command execution through the network device CLI (T1059.008), and initial access via external remote services (T1133).
