CVE-2025-4901 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically in firmware version 24.04.18D1 R(68125). The vulnerability resides in the HTTP Endpoint component, within the function sub_41E304 of the /H5/state_view.data file. An attacker who has access to the local network can exploit this flaw to retrieve sensitive information from the device. The vulnerability does not require authentication, user interaction, or elevated privileges, making it relatively straightforward to exploit for an attacker already inside the local network. However, the attack vector is limited to local network access, meaning remote exploitation over the internet is not feasible without prior network access. The CVSS v4.0 base score is 5.3, indicating a medium severity level. The vulnerability could potentially expose configuration details or operational state information that could be leveraged for further attacks or network reconnaissance. No patches or fixes have been publicly linked yet, and while the exploit has been disclosed publicly, there are no known active exploitations in the wild at this time.

For European organizations, the impact of this vulnerability primarily concerns internal network security. If an attacker gains access to the local network—via compromised devices, insider threats, or physical access—they could exploit this vulnerability to gather sensitive information from the affected D-Link routers. This information disclosure could facilitate lateral movement within the network, enable more targeted attacks, or reveal network topology and device configurations. Organizations relying on the DI-7003GV2 model for critical infrastructure or sensitive operations could face increased risk of espionage or data leakage. The medium severity rating suggests that while the vulnerability is not immediately critical, it poses a meaningful risk in environments where network segmentation and access controls are weak or where the device is deployed in sensitive network segments. Given the lack of remote exploitability, the threat is mitigated somewhat by robust perimeter defenses but remains a concern for internal security posture.

European organizations should implement strict network segmentation to limit access to the local network where D-Link DI-7003GV2 devices are deployed. Access control lists (ACLs) and VLANs should be used to isolate management interfaces and sensitive network segments. Monitoring and logging of local network traffic for unusual HTTP requests targeting the /H5/state_view.data endpoint can help detect exploitation attempts. Since no official patch is currently available, organizations should consider temporary mitigations such as disabling or restricting access to the HTTP management interface from untrusted internal hosts. Additionally, physical security controls should be enforced to prevent unauthorized local network access. Organizations should engage with D-Link support channels to obtain firmware updates or patches as they become available and plan for timely deployment. Regular vulnerability scanning and penetration testing should include checks for this vulnerability to ensure it is not exploitable in their environment.