CVE-2025-25743

CWE-77Command InjectionCWE-476NULL Pointer Dereference4 documents4 sources
Severity
7.2HIGH
EPSS
3.0%
top 13.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-853 Firmware
Timeline
PublishedFeb 12

Description

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2025-25743: D-Link DIR-853 A1 FW12025-02-12
GHSA
GHSA-jhhr-9p24-gxw8: D-Link DIR-853 A1 FW12025-02-12

📋Vendor Advisories

1
Microsoft
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.2020-10-13
CVE-2025-25743 (HIGH CVSS 7.2) | D-Link DIR-853 A1 FW1.20B07 was dis | cvebase.io