
CVE-2025-7572: Information Disclosure in LB-LINK BL-AC1900

Medium
Published: Mon Jul 14 2025 (07/14/2025, 04:32:06 UTC)
Source: CVE Database V5
Vendor/Project: LB-LINK
Product: BL-AC1900

Description

A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/14/2025, 05:16:31 UTC

Technical Analysis

CVE-2025-7572 is an information disclosure vulnerability affecting multiple LB-LINK router models, including BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000, in firmware versions up to 20250702. The CVE description classifies it as critical, while its CVSS rating is medium. The vulnerability resides in the function bs_GetHostInfo within the shared library libblinkapi.so, which is invoked via the /cgi-bin/lighttpd.cgi endpoint. An attacker can exploit this flaw remotely, without authentication or user interaction, by using the network-accessible CGI interface to manipulate the function and extract sensitive information from the device. The disclosed CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) indicates that the attack is network-based, has low attack complexity, requires no privileges and no user interaction, and results in low-impact confidentiality loss. The vendor has been contacted but has not responded or issued a patch, and no official fixes or mitigations have been published. While no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of exploitation. This vulnerability could allow attackers to gather sensitive host information, potentially facilitating further attacks such as targeted exploits or network reconnaissance.

Potential Impact

For European organizations, especially those relying on LB-LINK routers in their network infrastructure, this vulnerability poses a significant risk of unauthorized information disclosure. The leaked host information could include configuration details, network topology, or other sensitive data that attackers can use to escalate attacks or bypass security controls. This is particularly concerning for enterprises, government agencies, and critical infrastructure operators who may use these devices at network edges or in branch offices. The lack of vendor response and patch availability increases exposure time, making timely mitigation challenging. Additionally, the remote and unauthenticated nature of the exploit means that attackers can target vulnerable devices over the internet or internal networks without needing credentials, increasing the attack surface. While the CVSS score is medium, the potential for reconnaissance and subsequent attacks elevates the operational risk, especially in environments with limited network segmentation or monitoring.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement the following specific mitigations:

1) Immediately identify and inventory all LB-LINK devices running affected firmware versions using network scanning and asset management tools.
2) Restrict access to the /cgi-bin/lighttpd.cgi interface by implementing firewall rules or access control lists (ACLs) to limit exposure to trusted management networks only, blocking external internet access where possible.
3) Employ network segmentation to isolate vulnerable devices from critical systems and sensitive data.
4) Monitor network traffic for unusual requests targeting the /cgi-bin/lighttpd.cgi endpoint or abnormal information disclosure patterns.
5) Consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom signatures to detect and block exploit attempts against this CGI interface.
6) Engage with LB-LINK support channels persistently to demand a security update or official guidance.
7) As a longer-term measure, evaluate replacing affected devices with alternatives from vendors with active security support and patching practices.
8) Educate IT staff about this vulnerability to ensure rapid response to any suspicious activity related to these devices.
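Recommendations 2 and 4 can be combined into one log check. The following is an added example, not code from the advisory or the vendor: it flags requests to /cgi-bin/lighttpd.cgi that arrive from outside the management networks. It assumes access logs in common log format from a proxy or gateway in front of the device; the 10.10.0.0/24 management subnet and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: subnets allowed to reach the router's web interface.
TRUSTED_MGMT = [ipaddress.ip_network("10.10.0.0/24")]
CGI_PATH = "/cgi-bin/lighttpd.cgi"  # endpoint named in the advisory

# Common log format: src ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_trusted(src):
    """True if src parses as an IP inside a trusted management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or garbage in the source field: untrusted
    return any(addr in net for net in TRUSTED_MGMT)

def find_untrusted_cgi_hits(lines):
    """Count requests to the CGI endpoint per untrusted source address."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string, decode %XX escapes, collapse repeated slashes
        # so trivially obfuscated paths still match.
        path = re.sub(r"/+", "/", unquote(m.group("target").split("?", 1)[0]))
        if path == CGI_PATH and not is_trusted(m.group("src")):
            hits[m.group("src")] += 1
    return dict(hits)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.10.0.5 - - [14/Jul/2025:05:00:01 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 512',
    '203.0.113.44 - - [14/Jul/2025:05:02:10 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 1840',
    '203.0.113.44 - - [14/Jul/2025:05:02:11 +0000] "POST /cgi-bin/lighttpd.cgi?t=1 HTTP/1.1" 200 1840',
    '198.51.100.7 - - [14/Jul/2025:05:03:00 +0000] "GET /index.html HTTP/1.1" 200 3021',
    'truncated line',
]

if __name__ == "__main__":
    for src, count in find_untrusted_cgi_hits(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} request(s) to {CGI_PATH} from outside management networks")
```

Any hit from an untrusted source also means the access restriction in recommendation 2 is not in effect for that path.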


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-13T07:16:43.264Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68748f0fa83201eaacc1f7e4

Added to database: 7/14/2025, 5:01:03 AM

Last enriched: 7/14/2025, 5:16:31 AM

Last updated: 7/16/2025, 9:51:38 AM
