What is the CVSS score of EUVD-2025-18710?

EUVD-2025-18710 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Dir 825 Firmware are affected by EUVD-2025-18710?

A critical stack-based buffer overflow vulnerability (CVE-2025-6292) affects D-Link DIR-825 routers running version 2.03 and earlier, with a public exploit now available.

Is there a public PoC exploit available for EUVD-2025-18710?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18710. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2025-18710?

Within 24 hours: Inventory all D-Link DIR-825 devices in production and isolate any running version 2.03 or earlier from critical network segments. Within 7 days: Implement network segmentation to restrict HTTP POST access to affected devices and deploy WAF rules to block exploitation attempts. Within 30 days: Replace affected DIR-825 routers with supported models from the current product line, or decommission them entirely if operationally feasible.

Dir 825 Firmware EUVD-2025-18710

| CVE-2025-6292 HIGH

Buffer Overflow (CWE-119)

2025-06-20 cna@vuldb.com

Buffer Overflow D-Link RCE Denial Of Service Dir 825 Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18710

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

PoC Detected

Jun 26, 2025 - 17:25 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 01:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

CVE-2025-6292 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 routers (version 2.03 and potentially others) that allows authenticated attackers to execute arbitrary code remotely via malformed HTTP POST requests to the vulnerable HTTP POST Request Handler function. The vulnerability affects end-of-life products no longer receiving security updates from D-Link, and public exploit code has been disclosed, increasing real-world exploitation risk despite requiring valid credentials.

Technical ContextAI

The vulnerability exists in the HTTP POST Request Handler component (specifically function sub_4091AC) of D-Link DIR-825 firmware, which fails to properly validate input length before copying user-supplied data into a stack-allocated buffer. This is a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). The DIR-825 is a wireless router that processes HTTP POST requests for configuration and management. The vulnerability allows an authenticated user to craft an oversized POST parameter that overwrites the stack, potentially corrupting return addresses and enabling arbitrary code execution in the router's context (typically with root/administrative privileges). The affected function processes HTTP POST data without adequate bounds checking, a common issue in embedded device firmware where memory constraints are tight and input validation is insufficient.

RemediationAI

Patch Availability: None—D-Link no longer supports the DIR-825 product line. Remediation Steps: (1) Immediate: Replace DIR-825 units with current-generation D-Link routers or alternative vendor solutions receiving active security updates. (2) Interim Mitigation (if replacement is delayed): (a) Restrict administrative/HTTP management access to the router via network-based access control lists (ACLs)—limit HTTP/HTTPS management ports (80/443) to trusted internal IPs only, not external/untrusted networks. (b) Disable remote management features if enabled. (c) Change default credentials and implement strong, unique administrative passwords. (d) Isolate the router on a dedicated management VLAN if possible. (e) Monitor router logs for suspicious POST requests (though most DIR-825 units have limited logging). (3) Long-term: Decommission the device and migrate to supported products with regular security patching (e.g., current D-Link models, ASUS, Ubiquiti, Cisco, or open-source alternatives like OpenWrt on compatible hardware).

EUVD-2025-18710 vulnerability details – vuln.today

Back

Dir 825 Firmware EUVD-2025-18710

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code