CVE-2025-8758 is a high-severity vulnerability identified in the TRENDnet TEW-822DRE wireless router, specifically in firmware version FW103B02. The vulnerability involves a least privilege violation related to the vsftpd component, a widely used FTP server software. The issue allows an attacker with local access to the device to perform actions beyond their intended privilege level, potentially compromising system integrity or confidentiality. The attack complexity is rated as high, meaning exploitation requires significant skill or conditions, and no user interaction is needed. The vulnerability does not require authentication but does require local access, limiting remote exploitation possibilities. The CVSS 4.0 vector (7.3) reflects a local attack vector (AV:L), high attack complexity (AC:H), no authentication required (AT:N), low privileges needed (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). The vendor was notified early but has not responded, and no patches are currently available. Although the exploit has been publicly disclosed, there are no known exploits in the wild yet. This vulnerability could allow an attacker with physical or local network access to escalate privileges, potentially leading to unauthorized configuration changes, data exposure, or denial of service on the affected router device.

For European organizations, the impact of this vulnerability could be significant, especially for those relying on TRENDnet TEW-822DRE routers in their network infrastructure. The least privilege violation could enable attackers with local access—such as malicious insiders, contractors, or attackers who have gained limited network access—to escalate privileges and compromise the router. This could lead to interception or manipulation of network traffic, unauthorized changes to network configurations, or disruption of network availability. Given the high confidentiality, integrity, and availability impacts, sensitive data could be exposed or altered, and network services could be disrupted. The lack of vendor response and absence of patches increases the risk exposure period. Organizations with decentralized or less controlled physical access environments are particularly vulnerable. The requirement for local access limits remote exploitation but does not eliminate risk in environments where attackers can gain internal network access through other means, such as compromised endpoints or Wi-Fi access.

To mitigate this vulnerability, European organizations should first identify any deployment of TRENDnet TEW-822DRE routers running firmware FW103B02. Since no official patch is available, organizations should consider the following specific actions: 1) Restrict physical and local network access to these devices strictly, ensuring only authorized personnel can connect locally. 2) Segment networks to isolate critical infrastructure and limit lateral movement opportunities for attackers who gain local access. 3) Monitor network traffic for unusual FTP activity or privilege escalation attempts related to vsftpd. 4) Disable or restrict FTP services on the router if not essential, or replace the device with a more secure alternative. 5) Implement strong internal access controls and logging to detect and respond to suspicious activities promptly. 6) Engage with TRENDnet support channels persistently to seek firmware updates or advisories. 7) Consider deploying endpoint security solutions that can detect attempts to exploit local vulnerabilities. These targeted mitigations go beyond generic advice by focusing on access control, network segmentation, and service restriction specific to the affected component and device.