CVE-2025-4904: Information Disclosure in D-Link DI-7003GV2
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-4904 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically affecting firmware version 24.04.18D1 R(68125). The vulnerability resides in the function sub_41F0FC within the /H5/webgl.data file. This flaw allows an unauthenticated remote attacker to manipulate the vulnerable function, leading to unauthorized disclosure of sensitive information. The vulnerability is remotely exploitable without requiring any user interaction or prior authentication, which increases its risk profile. The CVSS v4.0 base score is 6.9, categorizing it as a medium severity issue. The vector string indicates the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (VC:L) with no impact on integrity or availability. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the likelihood of exploitation attempts. The vulnerability could allow attackers to extract sensitive configuration data or other information that could facilitate further attacks or reconnaissance against the affected device or network. Given the critical role of routers in network infrastructure, such information disclosure could undermine network security posture if leveraged effectively.
Potential Impact
For European organizations, the impact of CVE-2025-4904 could be significant, especially for those relying on the D-Link DI-7003GV2 router in their network infrastructure. Information disclosure vulnerabilities can lead to leakage of sensitive configuration details, network topology, or credentials, which attackers can use to escalate attacks, conduct targeted intrusions, or bypass security controls. This risk is heightened in sectors with stringent data protection requirements such as finance, healthcare, and government institutions across Europe. Additionally, organizations with remote or distributed networks using this router model may face increased exposure due to the remote exploitability of the vulnerability. While the vulnerability does not directly affect system integrity or availability, the confidentiality breach can facilitate subsequent attacks that may compromise these aspects. The medium severity rating suggests a moderate but non-trivial risk, warranting prompt attention to prevent exploitation, especially in environments where network devices are exposed to untrusted networks or the internet.
Mitigation Recommendations
To mitigate CVE-2025-4904 effectively, European organizations should first verify if they are using the affected D-Link DI-7003GV2 firmware version 24.04.18D1 R(68125). Immediate steps include: 1) Checking for and applying any official firmware updates or patches released by D-Link addressing this vulnerability. If no patch is available, consider contacting D-Link support for guidance or firmware upgrade timelines. 2) Restricting remote access to the router's management interfaces by implementing network segmentation and firewall rules to limit access only to trusted internal networks or VPN connections. 3) Disabling any unnecessary remote management features or services that expose the vulnerable function. 4) Monitoring network traffic for unusual or suspicious activity targeting the router, especially attempts to access the /H5/webgl.data endpoint or related functions. 5) Employing intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting exploitation attempts once such signatures become available. 6) As a longer-term measure, consider replacing affected devices with models that have a stronger security track record and receive regular security updates. These targeted actions go beyond generic advice by focusing on the specific vulnerable component and attack vector.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2025-4904: Information Disclosure in D-Link DI-7003GV2
Description
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-4904 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically affecting firmware version 24.04.18D1 R(68125). The vulnerability resides in the function sub_41F0FC within the /H5/webgl.data file. This flaw allows an unauthenticated remote attacker to manipulate the vulnerable function, leading to unauthorized disclosure of sensitive information. The vulnerability is remotely exploitable without requiring any user interaction or prior authentication, which increases its risk profile. The CVSS v4.0 base score is 6.9, categorizing it as a medium severity issue. The vector string indicates the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (VC:L) with no impact on integrity or availability. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the likelihood of exploitation attempts. The vulnerability could allow attackers to extract sensitive configuration data or other information that could facilitate further attacks or reconnaissance against the affected device or network. Given the critical role of routers in network infrastructure, such information disclosure could undermine network security posture if leveraged effectively.
Potential Impact
For European organizations, the impact of CVE-2025-4904 could be significant, especially for those relying on the D-Link DI-7003GV2 router in their network infrastructure. Information disclosure vulnerabilities can lead to leakage of sensitive configuration details, network topology, or credentials, which attackers can use to escalate attacks, conduct targeted intrusions, or bypass security controls. This risk is heightened in sectors with stringent data protection requirements such as finance, healthcare, and government institutions across Europe. Additionally, organizations with remote or distributed networks using this router model may face increased exposure due to the remote exploitability of the vulnerability. While the vulnerability does not directly affect system integrity or availability, the confidentiality breach can facilitate subsequent attacks that may compromise these aspects. The medium severity rating suggests a moderate but non-trivial risk, warranting prompt attention to prevent exploitation, especially in environments where network devices are exposed to untrusted networks or the internet.
Mitigation Recommendations
To mitigate CVE-2025-4904 effectively, European organizations should first verify if they are using the affected D-Link DI-7003GV2 firmware version 24.04.18D1 R(68125). Immediate steps include: 1) Checking for and applying any official firmware updates or patches released by D-Link addressing this vulnerability. If no patch is available, consider contacting D-Link support for guidance or firmware upgrade timelines. 2) Restricting remote access to the router's management interfaces by implementing network segmentation and firewall rules to limit access only to trusted internal networks or VPN connections. 3) Disabling any unnecessary remote management features or services that expose the vulnerable function. 4) Monitoring network traffic for unusual or suspicious activity targeting the router, especially attempts to access the /H5/webgl.data endpoint or related functions. 5) Employing intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting exploitation attempts once such signatures become available. 6) As a longer-term measure, consider replacing affected devices with models that have a stronger security track record and receive regular security updates. These targeted actions go beyond generic advice by focusing on the specific vulnerable component and attack vector.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-05-17T13:06:18.586Z
- Cisa Enriched
- true
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682cd0f81484d88663aeb6d4
Added to database: 5/20/2025, 6:59:04 PM
Last enriched: 7/11/2025, 7:04:05 PM
Last updated: 8/1/2025, 6:37:54 AM
Views: 11
Related Threats
CVE-2025-35970: Use of weak credentials in SEIKO EPSON Multiple EPSON product
HighCVE-2025-29866: CWE-73: External Control of File Name or Path in TAGFREE X-Free Uploader
HighCVE-2025-32094: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Akamai AkamaiGhost
MediumCVE-2025-8583: Inappropriate implementation in Google Chrome
MediumCVE-2025-8582: Insufficient validation of untrusted input in Google Chrome
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.