CVE-2025-8758 is a high-severity vulnerability identified in the TRENDnet TEW-822DRE router, specifically in firmware version FW103B02. The vulnerability involves a least privilege violation related to the vsftpd component, which is a widely used FTP server software. The issue allows an attacker with local access to the device to perform actions beyond their assigned privilege level, potentially escalating their permissions. The attack complexity is high, requiring local access and no user interaction, but the exploitability is considered difficult. The vulnerability impacts confidentiality, integrity, and availability at a high level, as indicated by the CVSS 4.0 vector: local attack vector (AV:L), high attack complexity (AC:H), no attack prerequisites (AT:N), low privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). The vendor was notified but has not responded or provided a patch, and although the exploit has been publicly disclosed, there are no known exploits observed in the wild yet. This vulnerability could allow an attacker with physical or local network access to the device to escalate privileges, potentially leading to unauthorized configuration changes, data leakage, or disruption of network services provided by the router.

For European organizations, this vulnerability poses a significant risk, especially for those relying on TRENDnet TEW-822DRE routers in their network infrastructure. The least privilege violation could allow an attacker with local access—such as an insider threat or an attacker who has gained limited network access—to escalate privileges and compromise the router’s configuration and operation. This could lead to interception or manipulation of network traffic, unauthorized access to internal systems, or denial of service. Given the router’s role as a network gateway, exploitation could undermine the confidentiality and integrity of sensitive organizational data and disrupt business operations. The lack of vendor response and patch availability increases the risk exposure, as organizations cannot remediate the vulnerability through official updates. The high attack complexity and requirement for local access somewhat limit the threat to environments where physical or local network access is possible, but in environments with less stringent physical security or segmented networks, the risk remains substantial.

Organizations should immediately assess their network environments to identify any TRENDnet TEW-822DRE routers running the affected firmware version FW103B02. Given the absence of an official patch, mitigation should focus on reducing local access risks: enforce strict physical security controls to prevent unauthorized access to network devices; segment networks to limit local access to critical infrastructure; disable or restrict FTP services if not required; monitor network traffic for unusual FTP activity or privilege escalation attempts; implement network access controls such as NAC to restrict device connectivity; consider replacing affected devices with models from vendors that provide timely security updates; and maintain up-to-date asset inventories to quickly identify vulnerable devices. Additionally, organizations should monitor threat intelligence feeds for any emerging exploit activity related to this vulnerability and be prepared to respond promptly.