CVE-2025-4753 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically affecting firmware version 24.04.18D1 R(68125). The vulnerability arises from improper handling or protection of the /login.data file, which contains sensitive information related to user authentication or session management. An attacker can remotely exploit this flaw without requiring any authentication or user interaction, leveraging network access to the device. The vulnerability is classified as problematic due to its potential to leak confidential information, which could include credentials or session tokens, thereby facilitating further attacks such as unauthorized access or network compromise. The CVSS 4.0 base score of 6.9 reflects a medium severity level, indicating a significant but not critical risk. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The vulnerability impacts confidentiality (VC:L) but does not affect integrity or availability. Although no public exploits are currently known to be in the wild, the exploit code has been disclosed publicly, increasing the risk of exploitation by malicious actors. No official patches or mitigations have been published at the time of this report, which increases the urgency for affected organizations to implement compensating controls.

For European organizations, this vulnerability poses a moderate risk, particularly for entities relying on the D-Link DI-7003GV2 router in their network infrastructure. Information disclosure can lead to leakage of sensitive credentials or session data, potentially enabling attackers to gain unauthorized access to internal networks or escalate privileges. This can compromise confidentiality of corporate data, disrupt business operations, and lead to regulatory non-compliance under GDPR if personal data is exposed. The remote exploitation capability without authentication makes it easier for attackers to target vulnerable devices across the internet or within corporate networks. Organizations in sectors with high security requirements, such as finance, healthcare, and critical infrastructure, could face increased risks of targeted attacks leveraging this vulnerability. Additionally, the lack of available patches means that affected organizations must rely on network-level defenses and monitoring to mitigate potential exploitation.

Given the absence of official patches, European organizations should take immediate steps to reduce exposure. These include: 1) Restricting network access to the affected D-Link DI-7003GV2 devices by implementing strict firewall rules to limit inbound connections to trusted IP addresses only. 2) Segmenting the network to isolate vulnerable devices from critical assets and sensitive data repositories. 3) Monitoring network traffic for unusual access patterns or attempts to retrieve the /login.data file, using intrusion detection/prevention systems (IDS/IPS) and security information and event management (SIEM) solutions. 4) Changing default credentials and ensuring strong authentication mechanisms are in place to reduce the impact if information is leaked. 5) Engaging with D-Link support or vendor channels to obtain firmware updates or advisories as they become available. 6) Considering replacement of affected hardware if patching is not feasible within a reasonable timeframe. 7) Conducting regular vulnerability assessments and penetration testing focused on network devices to identify and remediate similar weaknesses proactively.