CVE-2025-4901: Information Disclosure in D-Link DI-7003GV2
A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-4901 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically in firmware version 24.04.18D1 R(68125). The vulnerability resides in the HTTP Endpoint component, within the function sub_41E304 of the /H5/state_view.data file. An attacker who has access to the local network can exploit this flaw to retrieve sensitive information from the device. The vulnerability does not require authentication, user interaction, or elevated privileges, making it relatively straightforward to exploit for an attacker already inside the local network. However, the attack vector is limited to local network access, meaning remote exploitation over the internet is not feasible without prior network access. The CVSS v4.0 base score is 5.3, indicating a medium severity level. The vulnerability could potentially expose configuration details or operational state information that could be leveraged for further attacks or network reconnaissance. No patches or fixes have been publicly linked yet, and while the exploit has been disclosed publicly, there are no known active exploitations in the wild at this time.
Potential Impact
For European organizations, the impact of this vulnerability primarily concerns internal network security. If an attacker gains access to the local network—via compromised devices, insider threats, or physical access—they could exploit this vulnerability to gather sensitive information from the affected D-Link routers. This information disclosure could facilitate lateral movement within the network, enable more targeted attacks, or reveal network topology and device configurations. Organizations relying on the DI-7003GV2 model for critical infrastructure or sensitive operations could face increased risk of espionage or data leakage. The medium severity rating suggests that while the vulnerability is not immediately critical, it poses a meaningful risk in environments where network segmentation and access controls are weak or where the device is deployed in sensitive network segments. Given the lack of remote exploitability, the threat is mitigated somewhat by robust perimeter defenses but remains a concern for internal security posture.
Mitigation Recommendations
European organizations should implement strict network segmentation to limit access to the local network where D-Link DI-7003GV2 devices are deployed. Access control lists (ACLs) and VLANs should be used to isolate management interfaces and sensitive network segments. Monitoring and logging of local network traffic for unusual HTTP requests targeting the /H5/state_view.data endpoint can help detect exploitation attempts. Since no official patch is currently available, organizations should consider temporary mitigations such as disabling or restricting access to the HTTP management interface from untrusted internal hosts. Additionally, physical security controls should be enforced to prevent unauthorized local network access. Organizations should engage with D-Link support channels to obtain firmware updates or patches as they become available and plan for timely deployment. Regular vulnerability scanning and penetration testing should include checks for this vulnerability to ensure it is not exploitable in their environment.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2025-4901: Information Disclosure in D-Link DI-7003GV2
Description
A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-4901 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically in firmware version 24.04.18D1 R(68125). The vulnerability resides in the HTTP Endpoint component, within the function sub_41E304 of the /H5/state_view.data file. An attacker who has access to the local network can exploit this flaw to retrieve sensitive information from the device. The vulnerability does not require authentication, user interaction, or elevated privileges, making it relatively straightforward to exploit for an attacker already inside the local network. However, the attack vector is limited to local network access, meaning remote exploitation over the internet is not feasible without prior network access. The CVSS v4.0 base score is 5.3, indicating a medium severity level. The vulnerability could potentially expose configuration details or operational state information that could be leveraged for further attacks or network reconnaissance. No patches or fixes have been publicly linked yet, and while the exploit has been disclosed publicly, there are no known active exploitations in the wild at this time.
Potential Impact
For European organizations, the impact of this vulnerability primarily concerns internal network security. If an attacker gains access to the local network—via compromised devices, insider threats, or physical access—they could exploit this vulnerability to gather sensitive information from the affected D-Link routers. This information disclosure could facilitate lateral movement within the network, enable more targeted attacks, or reveal network topology and device configurations. Organizations relying on the DI-7003GV2 model for critical infrastructure or sensitive operations could face increased risk of espionage or data leakage. The medium severity rating suggests that while the vulnerability is not immediately critical, it poses a meaningful risk in environments where network segmentation and access controls are weak or where the device is deployed in sensitive network segments. Given the lack of remote exploitability, the threat is mitigated somewhat by robust perimeter defenses but remains a concern for internal security posture.
Mitigation Recommendations
European organizations should implement strict network segmentation to limit access to the local network where D-Link DI-7003GV2 devices are deployed. Access control lists (ACLs) and VLANs should be used to isolate management interfaces and sensitive network segments. Monitoring and logging of local network traffic for unusual HTTP requests targeting the /H5/state_view.data endpoint can help detect exploitation attempts. Since no official patch is currently available, organizations should consider temporary mitigations such as disabling or restricting access to the HTTP management interface from untrusted internal hosts. Additionally, physical security controls should be enforced to prevent unauthorized local network access. Organizations should engage with D-Link support channels to obtain firmware updates or patches as they become available and plan for timely deployment. Regular vulnerability scanning and penetration testing should include checks for this vulnerability to ensure it is not exploitable in their environment.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-05-17T13:06:08.268Z
- Cisa Enriched
- true
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682cd0f81484d88663aeb80e
Added to database: 5/20/2025, 6:59:04 PM
Last enriched: 7/11/2025, 8:34:11 PM
Last updated: 7/30/2025, 4:07:34 PM
Views: 10
Related Threats
CVE-2025-9011: SQL Injection in PHPGurukul Online Shopping Portal Project
MediumCVE-2025-9010: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-9009: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-31961: CWE-1220 Insufficient Granularity of Access Control in HCL Software Connections
LowCVE-2025-9008: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.