Local File Inclusion Vulnerability in D-Link DSR Series Routers
CVE-2025-60344

8.6HIGH

Key Information:

Vendor: D-link
Status: Dsr-150
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-60344?

The D-Link DSR series routers are exposed to a Local File Inclusion vulnerability that enables unauthorized individuals to access sensitive configuration files without authentication. These files may contain critical data such as administrative credentials and VPN settings, which could grant attackers administrative control over the device. The affected models include DSR-150, DSR-150N, and DSR-250N versions up to 1.09B32_WW, making it imperative for users to assess their systems for potential risks and apply necessary security measures.

Affected Version(s)

DSR-150 1.09B32_WW

References

https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/

https://github.com/fyoozr/vulnerability-research/tree/mai...

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60344 Data

JSON

D-link

What is CVE-2025-60344?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline