Local File Inclusion Vulnerability in D-Link DSR Series Routers
CVE-2025-60344

Currently unrated

Key Information:

Vendor: D-Link
Status: DSR Series Routers
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-60344?

The D-Link DSR series routers are exposed to a Local File Inclusion vulnerability that enables unauthorized individuals to access sensitive configuration files without authentication. These files may contain critical data such as administrative credentials and VPN settings, which could grant attackers administrative control over the device. The affected models include DSR-150, DSR-150N, and DSR-250N versions up to 1.09B32_WW, making it imperative for users to assess their systems for potential risks and apply necessary security measures.

References

https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/

https://github.com/fyoozr/vulnerability-research/tree/mai...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 26, 2025

JSON