CVE-2025-10385 is a high-severity buffer overflow vulnerability identified in the Mercury KM08-708H GiGA WiFi Wave2 router, specifically affecting version 1.1 of the device firmware. The vulnerability resides in the function sub_450B2C within the /goform/mcr_setSysAdm file. It is triggered by the manipulation of the 'ChgUserId' argument, which leads to a buffer overflow condition. This flaw allows an attacker to remotely exploit the device without requiring user interaction or prior authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L). The vulnerability impacts confidentiality, integrity, and availability (all rated high in the CVSS vector), meaning an attacker could potentially execute arbitrary code, gain unauthorized access, or cause denial of service on the affected device. Although no known exploits are currently observed in the wild, the exploit code has been publicly disclosed, increasing the risk of exploitation. The vulnerability's remote nature and low attack complexity make it a critical concern for network security, especially since routers like the KM08-708H serve as critical network infrastructure components. The absence of patches at the time of disclosure further elevates the urgency for mitigation.

For European organizations, this vulnerability poses significant risks. The Mercury KM08-708H GiGA WiFi Wave2 router is typically deployed in small to medium enterprise environments and possibly in residential settings that rely on robust WiFi connectivity. Exploitation could lead to unauthorized network access, interception or manipulation of sensitive data, disruption of network services, and potential lateral movement within organizational networks. Given the router's role as a gateway device, compromise could undermine the security of connected devices and critical business operations. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government institutions across Europe. The high severity and remote exploitability mean attackers could leverage this vulnerability to establish persistent footholds or launch broader attacks, including ransomware or espionage campaigns. Additionally, the lack of user interaction and authentication requirements lowers the barrier for attackers, increasing the likelihood of successful exploitation in diverse environments.

Organizations should immediately inventory their network infrastructure to identify the presence of Mercury KM08-708H GiGA WiFi Wave2 routers running firmware version 1.1. Until an official patch is released, network administrators should implement compensating controls such as restricting remote management access to trusted IP addresses or disabling remote administration features if not essential. Deploy network segmentation to isolate vulnerable devices from critical assets and monitor network traffic for anomalous activity targeting the /goform/mcr_setSysAdm endpoint. Employ intrusion detection or prevention systems (IDS/IPS) with signatures or heuristics capable of detecting buffer overflow attempts against this router. Regularly update firewall rules to block suspicious payloads and consider using VPNs or other secure channels for remote management. Once a vendor patch becomes available, prioritize immediate testing and deployment. Additionally, organizations should educate IT staff about this vulnerability and maintain heightened vigilance for related threat intelligence updates.