CVE-2025-4751: Information Disclosure in D-Link DI-7003GV2
A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-4751 is a medium-severity information disclosure vulnerability affecting the D-Link DI-7003GV2 router, specifically version 24.04.18D1 R(68125). The vulnerability arises from an unknown function related to the /index.data file, which can be manipulated remotely without any authentication or user interaction. This manipulation leads to unauthorized disclosure of information, potentially exposing sensitive data stored or processed by the device. The vulnerability has a CVSS 4.0 base score of 6.9, reflecting a network attack vector with low attack complexity and no privileges or user interaction required. The impact is limited to confidentiality, with no direct effect on integrity or availability. Although the exact nature of the disclosed information is unspecified, such leaks can aid attackers in reconnaissance or facilitate further exploitation. No patches or mitigations have been publicly linked yet, and while no exploits are currently known to be in the wild, the public disclosure of the exploit code increases the risk of exploitation.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to those using the affected D-Link DI-7003GV2 routers in their network infrastructure. Information disclosure can lead to leakage of configuration details, network topology, or credentials, which attackers can leverage to escalate attacks or gain unauthorized access. This is particularly concerning for small and medium enterprises or branch offices relying on this router model for internet connectivity or VPN termination. The exposure could compromise confidentiality of internal communications or sensitive operational data. Given the remote exploitability without authentication, attackers can target vulnerable devices directly over the internet, increasing the attack surface. While the impact does not directly affect system availability or integrity, the indirect consequences of leaked information could lead to more severe attacks. European organizations with limited network segmentation or outdated device inventories are at higher risk.
Mitigation Recommendations
1. Immediate network-level mitigation should include restricting remote access to the affected router's management interfaces, especially blocking access to the /index.data endpoint from untrusted networks.
2. Implement network segmentation to isolate vulnerable devices from critical assets.
3. Monitor network traffic for unusual requests targeting the router, particularly those attempting to access /index.data or other sensitive endpoints.
4. Regularly audit and update router firmware; although no patch is currently linked, organizations should stay alert for vendor updates addressing this vulnerability.
5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures for this CVE once available.
6. Replace or upgrade affected devices if feasible, especially in high-risk environments.
7. Educate IT staff about this vulnerability to ensure timely response and mitigation.
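One way to implement the monitoring in recommendation 3, as an added example that is not part of the original advisory: it scans web access logs for requests to /index.data that come from outside the management network and notes whether the device returned a body. The Combined Log Format source (a proxy or gateway in front of the router), the trusted CIDR and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only this management network should reach the router's web UI.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WATCHED_PATH = "/index.data"  # endpoint named in the advisory

# Assumption: Combined Log Format from a proxy/gateway in front of the router.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalized_path(target):
    """Drop query/fragment, percent-decode, collapse slashes, lower-case."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(lines):
    """Return one record per untrusted request to the watched path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalized_path(m["target"]) != WATCHED_PATH or is_trusted(m["src"]):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({"src": m["src"], "ts": m["ts"], "status": int(m["status"]),
                     "served": m["status"] == "200" and size > 0})
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [20/May/2025:10:01:12 +0000] "GET /index.data HTTP/1.1" 200 5120',
    '203.0.113.45 - - [20/May/2025:10:03:40 +0000] "GET /index.data?t=1 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [20/May/2025:10:04:02 +0000] "GET /INDEX.data HTTP/1.1" 403 -',
    '203.0.113.45 - - [20/May/2025:10:04:10 +0000] "GET /login.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [20/May/2025:10:05:31 +0000] "GET /%69ndex.data HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true are the ones to triage first, since the device answered an untrusted source with content.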
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-15T09:03:04.064Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682cd0fa1484d88663aebf12
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/12/2025, 12:19:04 AM
Last updated: 11/22/2025, 6:04:56 PM