CVE-2025-29635
📛 CVE Title
CVE-2025-29635
Description
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- mitre
- CVSS severity
- —
- CVSS score
- —
- CVSS vector
- —
- Effective score
- no score available from CNA, NVD, or AI yet
- CWE(s)
- —
- Reserved
- 2025-03-11
- Published
- 2025-03-25 01:00 UTC
- Last updated
- 2026-04-25 05:55 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/29xxx/CVE-2025-29635.json
AI-forensic CVSS estimate
Used only when a CVE has no official CVSS from its CNA or NVD. An LLM estimates the v3.1 base score from the description; a HIGH/CRITICAL estimate promotes the CVE to a Threat.
No AI estimate yet — it runs automatically once NVD has been checked, or click the button above.
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2025-14821 - Assigner
- mitre
- Published
- Mar 25, 2025, 12:00:00 AM
- Updated
- Apr 25, 2026, 3:55:37 AM
- EUVD base score (CVSS 3.1)
-
7.2 / 10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - EUVD-reported EPSS
- 19.9500
- Vendors
- n/a
- Products
-
n/a (n/a)
- Aliases
-
GHSA-m9wc-3h85-pp63
ENISA description: A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
EUVD references (1)
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| n/a | n/a |
n/a (affected)
|
— |
Remediations (10)
-
web:blog.talosintelligence.com
Thor analyzes CVE data from 2025 and provides recommendations for where and how organizations should strengthen their defenses.
2026-05-23 13:54 UTC -
web:cvefeed.io
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
2026-05-23 13:54 UTC -
web:krebsonsecurity.com
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities ...
2026-05-23 13:54 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-05-23 13:54 UTC -
web:securityaffairs.com
Mirai botnet is targeting old D-Link routers using CVE-2025-29635 , a command injection flaw exploitable via crafted POST requests.
2026-05-23 13:54 UTC -
web:source.android.com
Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level. Devices that use the 2025 -09-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
2026-05-23 13:54 UTC -
web:www.akamai.com
CVE-2025-29635 , which was publicly disclosed in late March 2025 , is a command injection vulnerability in D-Link DIR-823X series routers that affects firmware versions 240126 and 24082. These routers are retired devices as of September 2025 , per a disclosure from the vendor. Security researchers Wang Jinshuai and Zhao Jiangting discovered and reported the flaw, and reverse engineered the sub ...
2026-05-23 13:54 UTC -
web:www.cve.org
Vulnerability detail for CVE-2025-29635 Notice: Expanded keyword searching of CVE Records (with limitations) is now available in the search box above. Learn more here.
2026-05-23 13:54 UTC -
web:www.lansweeper.com
Patch Tuesday Microsoft report by Lansweeper. get an overview from all the Microsoft Patch Tuesday 's and fix the vulnerabilities.
2026-05-23 13:54 UTC -
web:www.oracle.com
Oracle Critical Patch Update Advisory - April 2025 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch ...
2026-05-23 13:54 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2025-29635.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-29635",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-24",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29635"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T03:55:37.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devices"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29635"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T00:00:00.000Z",
"value": "CVE-2025-29635 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:03:40.937Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-29635",
"datePublished": "2025-03-25T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2026-04-25T03:55:37.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}