CVE-2025-55581
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-09-12

Assigner: MITRE

Description
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-09-12
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55581
EUVD
EUVD-2025-25614
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dcs-825l_firmware to 1.08.01 (inc)
dlink dcs-825l *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-494 The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the D-Link DCS-825L firmware (version 1.08.01 and possibly earlier) within the mydlink-watch-dog.sh script. The script is responsible for monitoring and restarting two binaries, 'dcp' and 'signalc', but it does not verify their integrity, origin, or permissions. An attacker who gains filesystem access (for example, through UART or by modifying the firmware) can replace these binaries with malicious versions. This allows the attacker to execute arbitrary code persistently with root privileges on the device.

Impact Analysis

If exploited, this vulnerability can allow an attacker with filesystem access to execute arbitrary code with root privileges persistently on the affected device. This could lead to full control over the device, unauthorized access to data, disruption of device functionality, and potentially using the device as a foothold for further attacks within a network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55581. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart