Vulnerability Database

319,478

Total vulnerabilities in the database

CVE-2025-60344

An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive information, enabling full administrative access to the router. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.

Published: Oct 21, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-60344
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.6
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CWEs:

CWE-200

Affected Software
References

No affected software listed.

https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/
https://github.com/fyoozr/vulnerability-research/tree/main/CVE-2025-60344

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo