Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-10666

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

7.4HIGH

EPSS

6.6%

top 8.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Dir-825 Firmware D-link Dir-825

Timeline

PublishedSep 18

Latest updateFeb 2

Description

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dir-825_firmware2.10

▶CVEListV5d-link/dir-82511 versions+10

🔴Vulnerability Details

CVEList

D-Link DIR-825 apply.cgi sub_4106d4 buffer overflow↗2025-09-18

▶

GHSA

GHSA-xvh8-f5vg-49g2: A security flaw has been discovered in D-Link DIR-825 up to 2↗2025-09-18

▶

💥Exploits & PoCs

Exploit-DB

D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)↗2026-02-02

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS D-Link apply.cgi countdown_time Parameter Buffer Overflow Attempt (CVE-2025-10666)↗2025-09-18

▶