Command Injection Vulnerability in D-Link DIR-823X Products
CVE-2025-29635
What is CVE-2025-29635?
A command injection vulnerability exists in the D-Link DIR-823X series, specifically affecting versions 240126 and 240802. This flaw allows an authorized attacker to execute arbitrary commands on the affected devices by sending specially crafted POST requests to the /goform/set_prohibiting endpoint. If exploited, this vulnerability enables the attacker to gain unauthorized access and control over potentially sensitive functions, posing significant risks to system integrity and user confidentiality.
CISA has reported CVE-2025-29635
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-29635 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
News Articles
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
CISA adds 4 exploited CVEs including CVSS 9.9 SimpleHelp flaw, mandating FCEB mitigation by May 8, 2026 to reduce ransomware and botnet risk.
5 days ago
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet.
1 week ago
EPSS Score
69% chance of being exploited in the next 30 days.
Timeline
- CISA Reported
- Exploit known to exist
- First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved