CVE-2025-7932

CVE Database · CVE-2025-7932

CVE-2025-7932

· MEDIUMAnalyzed

CVSS v3.1

6.3

CVSS v4.0

2.1

EPSS

5.48%

Published

Jul 21, 2025

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-74CWE-77

Affected Products (2)

dlink · dir-817l_firmware (up to 1.04b01)vulnerable

dlink · dir-817l

References (5)

https://github.com/Patr1ck-S/Patr1ck-S.github.io/blob/main/D-Link%20DIR%E2%80%91817L%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi(1).md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.317061

Permissions RequiredVDB Entry