Is there a public PoC exploit available for CVE-2025-11407?

Yes, a public proof-of-concept exploit is available for CVE-2025-11407. Prioritise patching immediately. EPSS: 0.1%.

D-Link DI-7001 MINI CVE-2025-11407

Q: What is the CVSS score of CVE-2025-11407?

CVE-2025-11407 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

LOW

Command Injection (CWE-77)

2025-10-07 cna@vuldb.com

Command Injection D-Link Di 7001Mini 8G Firmware

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 02:02 vuln.today

DescriptionCVE.org

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

AnalysisAI

OS command injection in D-Link DI-7001 MINI firmware 24.04.18B1 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the path argument in /upgrade_filter.asp. Public exploit code is available, though the CVSS 2.1 score and 0.07% EPSS percentile indicate limited real-world exploitation likelihood despite the vulnerability's remote network accessibility.

Technical ContextAI

The vulnerability exists in the /upgrade_filter.asp endpoint on D-Link DI-7001 MINI router firmware version 24.04.18B1. CWE-77 indicates improper neutralization of special elements used in a command (Command Injection). The root cause is insufficient input validation or sanitization of the path parameter before it is passed to an OS command execution function, allowing an authenticated user to inject arbitrary shell commands that execute with the privileges of the web service process.

RemediationAI

Contact D-Link support or check https://www.dlink.com/ for a patched firmware version newer than 24.04.18B1. Until a patch is available, restrict administrative access to the DI-7001 MINI device to trusted users and networks only. Implement network segmentation to limit who can reach the management interface. Disable the /upgrade_filter.asp endpoint if it is not actively used by monitoring your firmware update procedures. Disable remote management if the device is only accessed locally, or bind management interfaces to specific internal IP ranges rather than 0.0.0.0. Monitor web server logs on the router for suspicious path parameter values in requests to /upgrade_filter.asp.

CVE-2025-11407 vulnerability details – vuln.today

Back