CVE-2025-25742
Published: 12 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-25742 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-853 router running firmware version A1 FW1.20B07. The flaw resides in the SetSysEmailSettings module, where insufficient bounds checking on the AccountPassword parameter allows an attacker to overwrite the stack with malicious input. This issue is classified under CWE-787 (Out-of-bounds Write) and carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to high impacts on confidentiality, integrity, and availability.
The vulnerability can be exploited by any unauthenticated attacker with network access to the device; attack complexity is low and no user interaction is required (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation enables arbitrary code execution, potentially granting full remote control over the router, including data exfiltration, modification of configurations, or use as a pivot point in the network.
Mitigation details and additional technical analysis are provided in the advisory at https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-3-1812386a664480feaf1ceab444b132b3, published on 2025-02-12. Security practitioners should check for firmware updates from D-Link or apply network segmentation and access controls to exposed devices until patched.
Details
- CWE(s): CWE-787 (Out-of-bounds Write)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated remote stack-based buffer overflow in the public-facing SetSysEmailSettings module of the D-Link router directly enables arbitrary code execution via exploitation of a public-facing application.