CVE-2025-25743

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DIR-853 A1 version FW1.20B07

Description: A command injection issue was discovered in the SetVirtualServerSettings module. This allows for potential exploitation.

Recommendations: For D-Link DIR-853 A1 version FW1.20B07, consider disabling the SetVirtualServerSettings module until a patch is available. Restrict access to this module to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2025-05390

CVE-2025-25743

Affected Products

D-Link Dir-853

CVE-2025-25743

Weakness Enumeration

Related Identifiers

Affected Products

References · 8