How to fix CVE-2025-10547?

Within 24 hours: Identify all Vigor Router models and firmware versions in your environment using network discovery tools. Within 7 days: Contact DrayTek support or check their advisory portal for the specific patch version addressing CVE-2025-10547 and test in a controlled environment. Within 30 days: Apply vendor-released patch to all affected Vigor Router devices and verify successful deployment through firmware version confirmation.

CVE-2025-10547

EUVD-2025-32500 CRITICAL

2025-10-03 [email protected]

Buffer Overflow

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:50 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

patch_available

Apr 16, 2026 - 05:29 EUVD

4.4.5.1,4.4.6.1,4.5.1

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32500

CVE Published

Oct 03, 2025 - 12:15 nvd

CRITICAL 9.8

DescriptionNVD

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

AnalysisAI

Uninitialized variable in Vigor Routers DrayOS HTTP CGI. EPSS 0.06%.

Technical ContextAI

Uninitialized variable in CGI request processing.

RemediationAI

Update firmware.

CVE-2025-10547 vulnerability details – vuln.today

Back

CVE-2025-10547

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code