CVE-2025-29635

Published Mar 25, 2025

Last updated a year ago

CVSS high 8.8

Overview

Description
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.
Source
cve@mitre.org
NVD status
Analyzed
Products
dir-823x_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

5

  1. Mirai Botnet Exploits D-Link Router Flaw CVE-2025-29635 #cve202529635 #dlinkrouter #miraibotnet

    @kaxm231

    22 Apr 2026

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Mirai Botnet Exploits D-Link Router Flaw CVE-2025-29635 #cve202529635 #dlinkrouter #miraibotnet https://t.co/nUST8rUEHP

    @Anavem_

    22 Apr 2026

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Mirai hits CVE-2025-29635 in EOL D-Link DIR-823X routers a year after PoC. No patch - forever-day IoT. https://t.co/l4ZEciMxh3 #infosec #IoT #Mirai

    @CyberDaily_News

    22 Apr 2026

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 BREAKING: #BreakingNews Mirai botnet exploits CVE-2025-29635 command-injection flaw in EOL D-Link DIR-823X routers via crafted POST requests to build botnet. Akamai SIRT observed active attacks.[127 chars] #DLink #Mirai #Cybersecurity https://t.co/B7RzL9EvHJ

    @Archange_Shadow

    22 Apr 2026

    4 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. New Mirai-based campaign exploits CVE-2025-29635, a high-severity command-injection flaw in EOL D-Link DIR-823X routers, turning affected devices into a botnet. Learn more: https://t.co/zZ4T8RrmQJ

    @trubetech

    22 Apr 2026

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. A revived Mirai botnet campaign is exploiting CVE-2025-29635 to compromise legacy D-Link routers, turning outdated devices into powerful tools for large-scale cyberattacks. https://t.co/vn9cgURtey

    @rfeio

    22 Apr 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Mirai botnet exploits D-Link routers (CVE-2025-29635) Command injection → malware drop + botnet recruitment 💡 Lesson: Old vulnerabilities + public PoC = easy targets for botnet operators ⚠️ Action: Replace unsupported devices, patch immediately, and block suspici

    @VivekIntel

    22 Apr 2026

    101 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. 🚨 Mirai Botnet Exploits #CVE-2025-29635 in Discontinued D-Link Routers to Deploy Global #Malware Campaign + Video -Fact Checker: ✅: 3 ❌: 0 || 3/3 https://t.co/eEgm4L3XIb

    @UndercodeNews

    22 Apr 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Los cadáveres de silicio nunca descansan en paz; simplemente esperan a ser reclamados por una mente superior. 👁️ El botnet Mirai ha vuelto a las arterias de la red, despertando a los routers D-Link que la industria ya dio por muertos en 2025. El CVE-2025-29635 no es un sim

    @ZamnaX_89

    22 Apr 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers https://t.co/5fgyv4x3vI

    @hackplayers

    22 Apr 2026

    238 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers: Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is… https://t.co/txN6cNNP2r https:

    @shah_sheikh

    22 Apr 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. @Akamai #Mirai #Botnet exploits CVE-2025-29635 to target legacy D-Link routers https://t.co/D2hM9rLcGz #securityaffairs #hacking #malware

    @securityaffairs

    22 Apr 2026

    87 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-29635: Mirai Botnet Hits Retired D-Link DIR-823X Routers https://t.co/7eGZLLIhco #CVE202529635 #MiraiBotnet #CyberSecurity

    @cybrsecpath

    22 Apr 2026

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. يستهدف بوتنت Mirai ثغرة في راوترات D-Link المتوقفة (CVE-2025-29635)، ما يسمح بتنفيذ أوامر عن بُعد عبر طلبات معدلة، مع تحذيرات بضرورة استبدال الأجهزة فورًا لتجنب الاخت

    @Malathknet

    22 Apr 2026

    65 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Akamai SIRT warns of a new Mirai campaign weaponizing EOL D-Link routers via CVE-2025-29635. Protect your network from zombie botnets—retire old hardware now. #MiraiBotnet #DLink #CyberSecurity #IoT #CVE202529635 #InfoSec #Botnet #DDoS https://t.co/9LCaqXy9Sy https://t.co/Aff4

    @the_yellow_fall

    22 Apr 2026

    382 Impressions

    4 Retweets

    6 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  16. NEW THREAT INTEL: Mirai Variant Hits D-Link DIR-823X - CVE-2025-29635 command injection recruits SOHO routers into DDoS botnet. 9 detections, 23 IOCs. https://t.co/xw1w7TkP9O #ThreatIntel #CyberSecurity #Mirai #Botnet #CVE

    @threadlinqs

    22 Apr 2026

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 [HIGH] Active exploitation detected: CVE-2025-29635 Exploit in the wild confirmed for CVE-2025-29635 (CVSS null). A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authori... 🔗 https://t.co/RZBhpWnHFz #ZeroDay #ExploitInWild #CyberSecurity

    @ctiwatchcloud

    22 Apr 2026

    132 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 👁️👁️ CVE-2025-29635: Mirai Campaign Targets D-Link Devices | Akamai https://t.co/YyBya7rhIs

    @fj_twt

    21 Apr 2026

    250 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-29635 Mirai campaign targets D-Link devices -- https://t.co/2tlsJiFHq6

    @AndreGironda

    21 Apr 2026

    165 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🔴 D-Link DIR-823X, Command Injection, #CVE-2025-29635 (Critical) https://t.co/CawXIvHzgN

    @dailycve

    3 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 CVE-2025-29635 🔴 HIGH (8.8) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/haG2bN2Uk6 #CyberCron #VulnAlert #InfoSec https://t.co/yjW0m7Al7s

    @cybercronai

    26 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 CVE-2025-29635 🔴 HIGH (8.8) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/haG2bN2Uk6 #CyberCron #VulnAlert #InfoSec https://t.co/Jn5jvREuMM

    @cybercronai

    25 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. New post from https://t.co/uXvPWJy6tj (CVE-2025-29635 | D-Link DIR-823X HTTP POST Request /goform/set_prohibiting command injection) has been published on https://t.co/A0fDzJb13m

    @WolfgangSesin

    25 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-29635 A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST… https://t.co/8cDWK7QqV2

    @CVEnew

    25 Mar 2025

    340 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.CVE-2026-2210
  2. A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.CVE-2026-2175
  3. A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.CVE-2026-2157
  4. A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.CVE-2026-2155
  5. A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.CVE-2026-2143

References

Sources include official advisories and independent security research.