PUBLISHED DATE: June 20, 2025CVE-2025-6292:
Stack-based Buffer Overflow Vulnerability

Description

A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Products

• D-Link DIR-825 Firmware 2.03

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2025-6292, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2025-6292 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• http://webappsec.pbworks.com/Buffer-Overflow
• https://capec.mitre.org/data/definitions/10.html
• https://capec.mitre.org/data/definitions/100.html
• https://capec.mitre.org/data/definitions/123.html
• https://capec.mitre.org/data/definitions/14.html
• https://capec.mitre.org/data/definitions/24.html
• https://capec.mitre.org/data/definitions/42.html
• https://capec.mitre.org/data/definitions/44.html
• https://capec.mitre.org/data/definitions/45.html
• https://capec.mitre.org/data/definitions/46.html
• https://capec.mitre.org/data/definitions/47.html
• https://capec.mitre.org/data/definitions/8.html
• https://capec.mitre.org/data/definitions/9.html
• https://nvd.nist.gov/vuln/detail/CVE-2025-6292