CVE-2025-4752 is a medium-severity information disclosure vulnerability affecting the D-Link DI-7003GV2 router, specifically version 24.04.18D1 R(68125). The vulnerability arises from an unknown functionality related to the file /install_base.data, which can be manipulated remotely without any authentication or user interaction. This manipulation leads to unauthorized disclosure of information stored or processed by the device. The CVSS 4.0 base score is 6.9, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and limited confidentiality impact (VC:L) with no impact on integrity or availability. The vulnerability is publicly disclosed, and although no known exploits are currently active in the wild, the availability of exploit code increases the risk of exploitation. The lack of authentication and user interaction requirements makes this vulnerability relatively easy to exploit remotely, potentially allowing attackers to gather sensitive configuration or operational data from affected devices. Since the vulnerability concerns a network device, exploitation could facilitate further attacks such as network reconnaissance, targeted attacks on internal networks, or lateral movement within compromised environments.

For European organizations, exploitation of CVE-2025-4752 could lead to unauthorized disclosure of sensitive network configuration or operational data from affected D-Link DI-7003GV2 routers. This information leakage may expose internal network topology, credentials, or other critical data that attackers can leverage to escalate attacks, conduct espionage, or disrupt operations. Given the router’s role as a network gateway, compromised devices could undermine the confidentiality of communications and potentially facilitate further intrusions. Organizations relying on these devices for critical infrastructure or sensitive data transmission may face increased risk of data breaches or targeted cyberattacks. The medium severity indicates that while the immediate impact is limited to information disclosure, the downstream effects could be significant depending on the nature of the disclosed data and the attacker’s objectives. Additionally, the remote and unauthenticated nature of the exploit increases the attack surface, especially for organizations with exposed or poorly segmented network environments.

1. Immediate mitigation should focus on isolating affected D-Link DI-7003GV2 devices from untrusted networks, especially the internet, to reduce exposure to remote exploitation. 2. Network administrators should implement strict access controls and firewall rules to limit inbound traffic to management interfaces and restrict access to trusted IP addresses only. 3. Monitor network traffic for unusual access patterns or attempts to retrieve the /install_base.data file or similar resources. 4. Since no official patch is currently available, organizations should contact D-Link support for guidance and monitor for firmware updates addressing this vulnerability. 5. Consider replacing affected devices with models that have received security updates or have a stronger security track record if patching is not feasible in the short term. 6. Employ network segmentation to separate critical systems from vulnerable devices, minimizing potential lateral movement. 7. Conduct regular security audits and vulnerability assessments to identify and remediate similar risks proactively.