CVE-2025-4860
PUBLISHED
D-LINK routers include a firewall and usually a WLAN interface. The devices are designed mainly for private users and small businesses.
EPSS 0.24% · 47.7th percentile
Risk Scores
EPSS Score: 0.24% (47.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-LINK | D-LINK Router DAP-2695 | 120b36r137_ALL_en_20210528 |
Exploit Intelligence
- https://euvd.enisa.europa.eu/enisa/EUVD-2025-15614 (certbund)
- https://euvd.enisa.europa.eu/enisa/EUVD-2025-15615 (certbund)
- CIRCL seen: CVE-2025-4860 (circl-sighting)
- VDB-309402 | D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting (circl)
- VDB-309402 | CTI Indicators (IOB, IOC, TTP, IOA) (circl)
- Submit #575103 | D-Link DAP-2695 firmware 20210528 Cross Site Scripting (circl)
- https://www.dlink.com/ (circl)
- https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings (cve.org)
Timeline
- May 18, 2025 EPSS Score
- May 18, 2025 CVE Published
- May 18, 2025 PoC Published
- May 19, 2025 CVE Updated
- May 29, 2025 EPSS Score
- Jun 10, 2025 EPSS Score
- Jun 21, 2025 EPSS Score
- Jul 2, 2025 EPSS Score
- Jul 13, 2025 EPSS Score
- Jul 25, 2025 EPSS Score
- Aug 5, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1092.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1092 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-4859 advisory
- https://github.com/advisories/GHSA-5w7x-w3j5-cf23 advisory
- https://euvd.enisa.europa.eu/enisa/EUVD-2025-15614 advisory
- https://euvd.enisa.europa.eu/enisa/EUVD-2025-15615 advisory