CVE-2025-13305

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-13305

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

A

weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

References
Link Resource
https://github.com/LX-LX88/cve/issues/12 Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.332645 Permissions Required VDB Entry
https://vuldb.com/?id.332645 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691809 Third Party Advisory VDB Entry
https://vuldb.com/?submit.691816 Third Party Advisory VDB Entry
https://vuldb.com/?submit.693784 Third Party Advisory VDB Entry
https://vuldb.com/?submit.693806 Third Party Advisory VDB Entry
https://vuldb.com/?submit.695424 Third Party Advisory VDB Entry
https://www.dlink.com/ Product
https://github.com/LX-LX88/cve/issues/12 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-825m_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825m:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dwr-m920_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m920:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dwr-m921_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m921:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dwr-m961_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:*
History

08 Dec 2025, 14:35

Type Values Removed Values Added
First Time Dlink dwr-m920 Firmware
Dlink dwr-m960
Dlink dwr-m921
Dlink dir-825m Firmware
Dlink dwr-m920
Dlink
Dlink dwr-m921 Firmware
Dlink dir-825m
Dlink dwr-m961 Firmware
Dlink dwr-m961
Dlink dwr-m960 Firmware
CPE cpe:2.3:h:dlink:dwr-m920:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m961:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825m:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-825m_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m961_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m920_firmware:1.01.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-m921:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m921_firmware:1.01.07:*:*:*:*:*:*:*
References () https://github.com/LX-LX88/cve/issues/12 - () https://github.com/LX-LX88/cve/issues/12 - Exploit, Issue Tracking, Third Party Advisory
References () https://vuldb.com/?ctiid.332645 - () https://vuldb.com/?ctiid.332645 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.332645 - () https://vuldb.com/?id.332645 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.691809 - () https://vuldb.com/?submit.691809 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.691816 - () https://vuldb.com/?submit.691816 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.693784 - () https://vuldb.com/?submit.693784 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.693806 - () https://vuldb.com/?submit.693806 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.695424 - () https://vuldb.com/?submit.695424 - Third Party Advisory, VDB Entry
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product

18 Nov 2025, 15:16

Type Values Removed Values Added
References () https://github.com/LX-LX88/cve/issues/12 - () https://github.com/LX-LX88/cve/issues/12 -

17 Nov 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-17 23:15

Updated : 2025-12-08 14:35

NVD link : CVE-2025-13305

Mitre link : CVE-2025-13305

CVE.ORG link : CVE-2025-13305

JSON object : View

Products Affected

dlink

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')