PT-2025-28805 · D Link · D-Link Dir-825

Ic0Rner · Published 2025-07-02 · Updated 2025-07-14 · CVE-2025-7206

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10
Description: A critical vulnerability exists in the D-Link DIR-825 router. This issue affects the sub_410DDC function within the switch_language.cgi file of the httpd component. Manipulation of the Language parameter leads to a stack-based buffer overflow, potentially allowing remote attackers to crash the web interface. The exploit for this vulnerability has been publicly disclosed. Approximately 47,000 instances of this device have been identified online.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-08440
CVE-2025-7206

Affected Products

D-Link Dir-825