What is the CVSS score of CVE-2025-52222?

CVE-2025-52222 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of D-Link are affected by CVE-2025-52222?

CVE-2025-52222 affects D-Link enterprise VPN routers across eight models, enabling unauthenticated remote attackers to crash devices via malformed HTTP requests.

How to fix or mitigate CVE-2025-52222?

Within 24 hours: Inventory all D-Link DI-8003, DI-8500, DI-8003G, DI-8200G, DI-8200, DI-8400, DI-8004w, DI-8100, and DI-8100G devices; document firmware versions (specifically 16.07.26A1, 17.12.20A1, 17.12.21A1). Within 7 days: Implement network-based mitigations-restrict HTTP/HTTPS access to these devices to trusted administrative IPs only, disable remote management if not essential, and monitor for suspicious crafted HTTP requests targeting radius_asp parameters. Within 30 days: Contact D-Link support for firmware update timelines and develop a replacement plan for devices where patching is unavailable; consider segmenting affected VPN infrastructure.

D-Link CVE-2025-52222

EUVD-2025-209315 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-08 mitre

Buffer Overflow Denial Of Service D-Link

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Apr 08, 2026 - 18:16 euvd

EUVD-2025-209315

Analysis Generated

Apr 08, 2026 - 18:16 vuln.today

CVE Published

Apr 08, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

AnalysisAI

Buffer overflow in D-Link enterprise VPN router series (DI-8003, DI-8500, DI-8003G, DI-8200G, DI-8200, DI-8400, DI-8004w, DI-8100, DI-8100G) firmware versions 16.07.26A1 and 17.12.20A1/17.12.21A1 allows unauthenticated remote attackers to trigger denial of service via crafted HTTP requests exploiting rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in radius_asp function. Attack requires no user interaction or authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis.

Technical ContextAI

Classic stack-based buffer overflow (CWE-120) in RADIUS configuration handling within web management interface. Vulnerable radius_asp function fails to validate input length for seven distinct parameters before copying to fixed-size buffers, enabling memory corruption. Exploitation targets HTTP administrative interface accessible over network without authentication barriers, affecting firmware branches 16.07.26A1 and 17.12.x across nine enterprise router SKUs.

RemediationAI

No vendor-released patch identified at time of analysis. D-Link security bulletin (https://www.dlink.com/en/security-bulletin/) should be monitored for firmware updates addressing CVE-2025-52222. Interim mitigations: restrict web management interface access to trusted internal networks only via firewall rules; disable remote administration on WAN-facing interfaces; implement dedicated management VLAN with ACLs; deploy intrusion prevention systems with signatures detecting malformed RADIUS parameter submissions. Organizations unable to isolate administrative interfaces should evaluate migration to patched alternative platforms given absence of confirmed remediation timeline and low observed exploitation activity (EPSS 0.02%).