CVE-2025-25744
Published: 12 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-25744 is a stack-based buffer overflow vulnerability (CWE-787) in the D-Link DIR-853 router, specifically affecting firmware version A1 FW1.20B07. The flaw resides in the SetDynamicDNSSettings module, where insufficient bounds checking on the Password parameter allows an attacker to overwrite the stack with malicious input. This issue was published on 2025-02-12 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
An unauthenticated attacker with network access to the vulnerable router can exploit this flaw remotely with low complexity and no user interaction required. By sending a specially crafted request to the SetDynamicDNSSettings endpoint, the attacker can trigger the buffer overflow, leading to arbitrary code execution, data corruption, or denial of service. Successful exploitation gives the attacker full control over the device, with high impact on confidentiality, integrity, and availability.
Further details, including potential mitigation steps, are documented in the advisory at https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-4-1812386a664480378626cc13b98e18f5.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the unauthenticated SetDynamicDNSSettings web endpoint on the public-facing router directly enables T1190 (Exploit Public-Facing Application) for remote arbitrary code execution.