CVE-2025-65288 identifies a buffer overflow vulnerability in the Mercury MR816v2 device firmware version 4.8.7 Build 110427 Rel 36550n. The vulnerability is triggered when the device accepts hostnames from LAN hosts that exceed expected length limits. The affected code fails to validate the length of these hostnames before copying or concatenating them into fixed-size buffers, leading to a classic buffer overflow condition. This can cause the device to crash, resulting in denial of service, and potentially allow an attacker to execute arbitrary code remotely on the device. The vulnerability does not require authentication and can be exploited by sending crafted hostnames from any host within the local network segment. No CVSS score has been assigned yet, and no patches or known exploits are currently available. The lack of proper input validation is a critical flaw in the device’s network stack, exposing it to memory corruption attacks. Given the device’s role in network infrastructure, successful exploitation could disrupt network operations or provide a foothold for further attacks within the network. The vulnerability was reserved in November 2025 and published in December 2025, indicating recent discovery. Organizations using this device should urgently assess exposure and apply mitigations.

For European organizations, the impact of CVE-2025-65288 could be significant, especially for those relying on Mercury MR816v2 devices in their network infrastructure. Exploitation could lead to denial of service, disrupting critical network connectivity and business operations. More severely, remote code execution could allow attackers to gain control over the device, enabling interception or manipulation of network traffic, lateral movement within the network, and persistent compromise. This could affect confidentiality, integrity, and availability of enterprise networks. Industries with high dependency on stable network infrastructure such as finance, telecommunications, government, and critical infrastructure operators are at elevated risk. The vulnerability’s exploitation from within the LAN means that insider threats or compromised internal hosts could trigger attacks. The absence of patches increases the window of exposure, necessitating immediate compensating controls. The threat could also undermine trust in network reliability and increase incident response costs.

1. Immediately identify and inventory all Mercury MR816v2 devices within the network environment. 2. Implement network segmentation to isolate vulnerable devices from untrusted or less secure LAN segments, limiting exposure to potentially malicious hosts. 3. Deploy ingress filtering and hostname validation at network boundaries to detect and block abnormally long or malformed hostnames before they reach the device. 4. Monitor network traffic for unusual hostname lengths or patterns indicative of exploitation attempts. 5. Restrict administrative access to the device and enable logging to detect suspicious activity. 6. Engage with the vendor for firmware updates or patches; if unavailable, consider temporary device replacement or removal from critical network paths. 7. Educate internal users and administrators about the risk of sending crafted hostnames and enforce strict endpoint security to prevent internal compromise. 8. Prepare incident response plans specifically addressing potential device compromise or denial of service scenarios related to this vulnerability.