CVE-2025-8949
moderate-risk
Published 2025-08-14
A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Do I need to act?
-
0.41% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (5)
Permissions Required
https://vuldb.com/?ctiid.319915
Third Party Advisory
https://vuldb.com/?id.319915
Third Party Advisory
https://vuldb.com/?submit.627640
Product
https://www.dlink.com/
33
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal