CVE-2025-10034
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-06

Last updated on: 2025-09-29

Assigner: VulDB

Description
A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-06
Last Modified
2025-09-29
Generated
2026-06-16
AI Q&A
2025-09-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10034
EUVD
EUVD-2025-27082
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dir-825_firmware 1.08.01
dlink dir-825 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10034 is a critical buffer overflow vulnerability in the D-Link DIR-825 router version 1.08.01. It exists in the function get_ping6_app_stat within the file ping6_response.cgi of the httpd component. The vulnerability occurs because the argument ping6_ipaddr is improperly handled, allowing an attacker to send input that overflows a buffer. This can be exploited remotely without user interaction, potentially leading to compromise of the device. [1, 2]

Impact Analysis

This vulnerability can be exploited remotely to cause a buffer overflow, which may allow attackers to compromise the confidentiality, integrity, and availability of the affected D-Link DIR-825 router. This could lead to unauthorized access, disruption of network services, or control over the device. Since the affected products are no longer supported, no known mitigations exist, and replacement of the device is recommended. [2]

Mitigation Strategies

Since the affected D-Link DIR-825 devices are no longer supported and no known countermeasures or mitigations exist, the recommended immediate step is to replace the affected product with a supported and secure alternative to mitigate the risk of exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10034. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart