CVE-2025-10093: Information Disclosure in D-Link DIR-852
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Manipulation of this function leads to information disclosure. The attack may be performed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-10093 is an information disclosure vulnerability affecting the D-Link DIR-852 router, specifically versions up to 1.00CN B09. The vulnerability resides in the phpcgi_main function of the /getcfg.php file, which is part of the Device Configuration Handler component. This flaw allows an unauthenticated remote attacker to manipulate requests to this endpoint and retrieve sensitive configuration information from the device. The vulnerability does not require any user interaction, privileges, or authentication, making it remotely exploitable over the network. The disclosed information could include configuration details that may aid attackers in further compromising the device or network. Notably, the affected product version is no longer supported by the vendor, meaning no official patches or updates are available to remediate this issue. The CVSS v4.0 base score is 6.9, indicating a medium severity level, with an exploitability rating of low complexity and no privileges or user interaction required. Although no known exploits are currently observed in the wild, a public exploit exists, increasing the risk of exploitation by threat actors. The vulnerability's impact is limited to information disclosure without direct integrity or availability consequences, but the leaked data could facilitate subsequent attacks such as network intrusion or lateral movement.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on the presence and deployment of the affected D-Link DIR-852 routers within their networks. Many small and medium enterprises (SMEs) and home offices may still use these devices due to their affordability and past popularity. Information disclosure could expose network configuration details, including credentials or internal IP schemes, which attackers could leverage to gain unauthorized access or escalate privileges. Given that the device is no longer supported, organizations cannot rely on vendor patches, increasing their exposure. This risk is particularly relevant for sectors with sensitive data or critical infrastructure, such as healthcare, finance, and government agencies, where network compromise could lead to data breaches or operational disruptions. Additionally, the ease of remote exploitation without authentication increases the threat surface, especially if these devices are directly exposed to the internet or poorly segmented within internal networks.
Mitigation Recommendations
Since no official patches are available due to the end-of-life status of the affected product version, European organizations should prioritize the following mitigations:
1. Immediate replacement or upgrade of the D-Link DIR-852 routers to supported models with current firmware to eliminate the vulnerability.
2. If replacement is not immediately feasible, restrict remote access to the device by disabling remote management features and blocking inbound traffic to the router’s management interfaces from untrusted networks.
3. Implement network segmentation to isolate vulnerable devices from critical assets and sensitive data environments.
4. Monitor network traffic for unusual access patterns targeting the /getcfg.php endpoint or other suspicious activities indicative of exploitation attempts.
5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting exploitation attempts against this vulnerability.
6. Educate IT staff and users about the risks of using unsupported network devices and the importance of timely hardware lifecycle management.
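As an added illustration of mitigation point 4 (monitoring access to the /getcfg.php endpoint), the following Python script is not part of the advisory or of any D-Link or VulDB material. It parses HTTP access-log lines in Common/Combined Log Format, as a reverse proxy or gateway in front of the router might emit, normalizes the request path (query string stripped, percent-decoded, lower-cased) so that trivially disguised variants still match, and raises a high-severity finding when the endpoint is requested from outside the internal address ranges where the router's own web UI is expected to be used. The log lines, the trusted ranges and the severity scheme are constructed assumptions for this example.

```python
"""Flag requests to the D-Link /getcfg.php endpoint in HTTP access logs.

Added example for the CVE-2025-10093 advisory's monitoring recommendation;
the sample log lines below are constructed, not captured traffic.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import unquote

# Common/Combined Log Format prefix: src ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Endpoint named in the advisory.
WATCHED_PATH = "/getcfg.php"

# Assumption: the router's web UI is only ever used from the internal LAN, so
# any request to the endpoint from outside these ranges is unexpected.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Finding:
    src: str
    ts: str
    method: str
    status: int
    severity: str  # "high" = untrusted source, "info" = expected LAN traffic


def parse_line(line: str):
    """Return a dict for a well-formed log line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def normalize_path(raw: str) -> str:
    """Strip the query string, percent-decode and lower-case the path so that
    /GETCFG.PHP?x=1 and /%67etcfg.php both compare equal to /getcfg.php."""
    path = raw.split("?", 1)[0]
    return unquote(path).lower()


def is_trusted(src: str) -> bool:
    """True when the source address falls inside one of the trusted ranges."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)


def analyse(lines):
    """Return one Finding per request to the watched endpoint, in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or normalize_path(rec["path"]) != WATCHED_PATH:
            continue
        severity = "info" if is_trusted(rec["src"]) else "high"
        findings.append(Finding(rec["src"], rec["ts"], rec["method"],
                                rec["status"], severity))
    return findings


def sources_by_severity(findings, severity="high"):
    """Count hits per source address at the given severity, for triage."""
    return Counter(f.src for f in findings if f.severity == severity)


# Constructed sample log using documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Sep/2025:12:16:30 +0000] "GET /getcfg.php HTTP/1.1" 200 1842',
    '192.168.0.23 - - [08/Sep/2025:12:17:01 +0000] "POST /getcfg.php HTTP/1.1" 200 1842',
    '198.51.100.9 - - [08/Sep/2025:12:18:45 +0000] "GET /GETCFG.PHP?x=1 HTTP/1.1" 200 1842',
    '192.168.0.23 - - [08/Sep/2025:12:19:10 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/Sep/2025:12:20:02 +0000] "GET /%67etcfg.php HTTP/1.1" 200 1842',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f)
    print("high-severity sources:", dict(sources_by_severity(found)))
```

Feed the script your gateway's access log instead of SAMPLE_LOG and tune TRUSTED_NETS to the ranges from which administration of the router is legitimate; LAN-origin hits are kept at "info" so the device's own UI traffic stays visible as a baseline without generating alerts.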
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-08T05:04:28.343Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68bec91ed5a2966cfc7f4acb
Added to database: 9/8/2025, 12:16:30 PM
Last enriched: 9/8/2025, 12:31:22 PM
Last updated: 9/8/2025, 3:17:11 PM
Views: 5
Related Threats
- CVE-2025-10097: Code Injection in SimStudioAI sim (Medium)
- CVE-2025-51586: n/a (Unknown)
- CVE-2025-10096: Server-Side Request Forgery in SimStudioAI sim (Medium)
- CVE-2025-59033: n/a (High)
- CVE-2025-55998: n/a (High)