Threat Intelligence / CVE / CVE-2025-29635

CVE-2025-29635

CISA KEV

CVSS 7.2 (HIGH) · EPSS 1.3% · Published 2025-03-25

Command injection vulnerability in D-Link DIR-823X firmware versions 240126 and 240802 allows authorized attackers to execute arbitrary commands via POST requests to the /goform/set_prohibiting endpoint.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77

Threats tracking this CVE

CVE-2025-29635 — Mirai Variant Campaign Recruiting D-Link DIR-823X Routers via /goform/set_prohibiting Command Injection — HIGH

References

https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md
https://www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devices
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29635

Full detection coverage & IOCs for threats exploiting CVE-2025-29635 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence