What is CVE-2025-15194?

CVE-2025-15194 is a critical-severity vulnerability in D-link Dir-600, classified under Stack-based Buffer Overflow. CVSS score: 9.8/10. Published 2025-12-29.

How severe is CVE-2025-15194?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in D-link Dir-600

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-b…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (54.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.

Affected products

D-link Dir-600 — versions 2.15WWb02

Weakness classification (CWE)

References

VDB-338581 | D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow (vdb-entry, technical-description)
VDB-338581 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #724404 | D-Link DIR-600 v2.15WWb02 and possibly earlier versions Stack-based Buffer Overflow (third-party-advisory)
github.com/LonTan0/CVE/blob/main/Stack-Based Buffer Overflow Vulnerability in h… (related)
github.com/LonTan0/CVE/blob/main/Stack-Based Buffer Overflow Vulnerability in h… (exploit)
www.dlink.com/ (product)

Frequently asked questions

What is CVE-2025-15194?: CVE-2025-15194 is a critical-severity vulnerability in D-link Dir-600, classified under Stack-based Buffer Overflow. CVSS score: 9.8/10. Published 2025-12-29.
How severe is CVE-2025-15194?: Critical severity. CVSS v3 base score is 9.8 out of 10.