CVE-2025-10034

moderate-risk

Published 2025-09-06

A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Do I need to act?

0.20% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (1)

Dir-825 Firmware

Affected Vendors

Dlink

References (6)

Exploit https://github.com/Jjx-wy/D-Link/blob/main/D-Link%20DIR-825%202.10.pdf

Permissions Required https://vuldb.com/?ctiid.322750

Third Party Advisory https://vuldb.com/?id.322750

Third Party Advisory https://vuldb.com/?submit.643978

Product https://www.dlink.com/

Exploit https://github.com/Jjx-wy/D-Link/blob/main/D-Link%20DIR-825%202.10.pdf

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal