CVE-2025-4902 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically in firmware version 24.04.18D1 R(68125). The vulnerability resides in the function sub_48F4F0 within the /H5/versionupdate.data file. An attacker can remotely exploit this flaw without requiring authentication or user interaction, leveraging network access to the device. The vulnerability allows unauthorized disclosure of potentially sensitive information stored or processed by the device. Although the exact nature of the leaked information is not detailed, information disclosure vulnerabilities typically expose configuration details, firmware versions, or other data that could facilitate further attacks. The CVSS 4.0 base score is 6.9, indicating a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The vulnerability impacts confidentiality (VC:L) but not integrity or availability. There is no indication that the vulnerability has been exploited in the wild yet, but a public exploit is available, increasing the risk of exploitation. No official patches or mitigation links have been provided at this time, which suggests that affected organizations need to implement compensating controls until a vendor fix is released.

For European organizations, the impact of this vulnerability can be significant depending on the deployment scale of the D-Link DI-7003GV2 routers. Information disclosure can lead to exposure of sensitive network configuration, firmware details, or other internal data that attackers can use to plan more sophisticated attacks such as targeted intrusions, lateral movement, or exploitation of other vulnerabilities. This risk is particularly relevant for enterprises, ISPs, and critical infrastructure operators using this model. The remote, unauthenticated nature of the exploit means attackers can attempt to compromise devices from anywhere, increasing the attack surface. While the vulnerability does not directly affect system integrity or availability, the leaked information could facilitate subsequent attacks that do. Given the lack of patches, organizations face a window of exposure that could be exploited by threat actors, including cybercriminals or state-sponsored groups targeting European networks. The medium severity rating suggests a moderate but non-trivial risk, warranting prompt attention to reduce potential exposure.

1. Network Segmentation: Isolate D-Link DI-7003GV2 devices from public-facing networks and restrict access to trusted management networks only. 2. Access Control: Implement strict firewall rules to limit inbound traffic to the device’s management interfaces, allowing only authorized IP addresses. 3. Monitoring and Detection: Deploy network monitoring tools to detect unusual traffic patterns or attempts to access the vulnerable function. 4. Firmware Updates: Regularly check D-Link’s official channels for firmware updates or security advisories addressing this vulnerability and apply patches immediately upon release. 5. Device Replacement: For critical environments, consider replacing affected devices with models that have no known vulnerabilities or have received security updates. 6. Incident Response Preparation: Prepare to respond to potential exploitation attempts by having logs and forensic capabilities in place to investigate suspicious activity. 7. Vendor Engagement: Contact D-Link support to inquire about timelines for patches or recommended mitigations specific to this vulnerability.