CVE-2025-6292

A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Published: Jun 20, 2025
Updated: Jun 27, 2025
CVE: CVE-2025-6292
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119
CWE-121

Affected Software
References

Software	From	Fixed in
dlink / dir-825_firmware	2.03	2.03.x

https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir825-dlink-sub_4091AC
https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir825-dlink-sub_4091AC#poc
https://vuldb.com/?ctiid.313294
https://vuldb.com/?id.313294
https://vuldb.com/?submit.593938
https://www.dlink.com/

Vulnerability Database

CVE-2025-6292

Deep Security Visibility Without the Complexity