EUVD-2025-28712

| CVE-2025-6291 HIGH
2025-06-20 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-28712
PoC Detected
Jun 26, 2025 - 17:00 vuln.today
Public exploit code
CVE Published
Jun 20, 2025 - 01:15 nvd
HIGH 8.8

Tags

Buffer Overflow D-Link RCE Dir 825 Firmware

Description

A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-6291 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 firmware version 2.03, exploitable via HTTP POST requests to the do_file function. An authenticated attacker can achieve complete system compromise (confidentiality, integrity, and availability violations) remotely without user interaction. Public exploit code exists and the affected product is end-of-life with no vendor support, elevating real-world risk despite authentication requirement.

Technical Context

The vulnerability exists in the HTTP POST Request Handler component of D-Link DIR-825 wireless router firmware (CPE: cpe:2.3:h:d-link:dir-825:-:*:*:*:*:*:*:* with firmware 2.03). The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow in the do_file function. This function fails to properly validate the length of user-supplied input before copying it to a fixed-size stack buffer during HTTP POST parameter processing. The vulnerability allows attackers to overwrite return addresses and execute arbitrary code with device privileges.

Affected Products

D-Link DIR-825 firmware version 2.03 and potentially earlier versions. No patched versions are available as this product is end-of-life. Hardware CPE: cpe:2.3:h:d-link:dir-825:-:*:*:*:*:*:*:*. Firmware component affected: HTTP POST Request Handler (do_file function). Affected systems deployed in production environments using default or weak credentials face immediate risk.

Remediation

No vendor patches are available for this end-of-life product. Recommended mitigation: (1) IMMEDIATE: Disable HTTP POST requests at firewall level or disable remote management if not required; (2) Apply strong, unique credentials to router administration interface and change defaults; (3) Network isolation: restrict access to administrative interfaces to trusted networks only; (4) CRITICAL: Deploy replacement hardware with actively maintained firmware; (5) Implement network segmentation to limit router compromise impact; (6) Monitor router logs for suspicious POST requests or failed authentication attempts; (7) If continued operation is unavoidable, disable HTTP management and use only HTTPS with certificate pinning from trusted networks.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20

Share

EUVD-2025-28712 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy