What is CVE-2025-22968?

A critical vulnerability in D-Link DWR-M972V firmware allows remote code execution via SSH using root account without restrictions. Immediate patching is essential.

What is the severity of CVE-2025-22968?

CVE-2025-22968 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2025-22968 | Critical Vulnerability in D-Link DWR-M972V Firmware

CVE-2025-22968 is a critical vulnerability affecting the D-Link DWR-M972V firmware version 1.05SSG. This vulnerability allows a remote attacker to execute arbitrary code via SSH using the root account without restrictions. The severity of this vulnerability, with a CVSS score of 9.8, indicates a high level of risk to organizations that utilize this device.

The possibility for attackers to gain unauthorized access to the device and execute arbitrary code poses a significant threat. Organizations using affected D-Link products are at high risk, and immediate action is necessary to mitigate potential exploitation.

Risk to organizations includes unauthorized control over network devices, data breaches, and potential disruption of services. Therefore, organizations should prioritize patching immediately.

As of the latest information, this vulnerability has a known exploit, and public proof of concept (PoC) has been made available. Organizations must take this threat seriously and implement the necessary updates.

Vulnerability Details

The vulnerability is characterized by the ability to execute arbitrary code via SSH on the D-Link DWR-M972V 1.05SSG firmware. The CVSS score of 9.8 categorizes this as a critical vulnerability, indicating high impact on confidentiality, integrity, and availability.

The vulnerability is classified under CWE-94, which pertains to code injection issues. The publication date is January 15, 2025, and organizations should ensure that they have updated their devices to the latest firmware to avoid exploitation.

Technical Analysis

The root cause of this vulnerability stems from insufficient validation of user input, allowing attackers to execute arbitrary commands without proper authentication. The attack vector is network-based, with a low complexity level since no special privileges or user interaction is required.

The impact of exploitation can lead to complete control over the affected device, which could compromise the integrity and confidentiality of the data it processes. Organizations are advised to implement strict network controls to limit access to the affected devices.

Risk & Impact Analysis

The real-world risk includes the potential for widespread unauthorized access to sensitive information and the ability to disrupt operations. The blast radius of this vulnerability is extensive, as it could allow attackers to pivot to other connected networks or devices, escalating their attack.

Given the critical nature of this vulnerability and its high CVSS score, organizations should assess their exposure and prioritize remediation based on their risk management protocols.

Urgency for addressing this vulnerability is heightened due to its inclusion in the CVE list and the availability of exploits. Organizations should address in priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version for this vulnerability is D-Link DWR-M972V firmware version 1.05SSG. Organizations should ensure they are running the latest firmware version available from D-Link to mitigate this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations must update to the latest firmware version provided by D-Link. If the patch is not immediately available, consider implementing network segmentation and access controls to limit exposure to the vulnerable device.

Additionally, organizations may benefit from engaging in penetration testing to identify any other potential vulnerabilities and ensure their systems are secure.

Detection Guidance

Organizations should monitor logs for any unauthorized SSH access attempts and track changes to the system configuration. Behavioral anomalies should be logged and investigated promptly.

AppSecure Threat Intelligence Insight

The D-Link DWR-M972V vulnerability illustrates the critical importance of maintaining up-to-date firmware in network devices. The trend of vulnerabilities allowing remote code execution emphasizes the need for proactive security measures.

Security teams should prioritize regular updates and vulnerability assessments as part of their security posture. Continuous monitoring and adopting a comprehensive vulnerability management program can help mitigate risks associated with such vulnerabilities.

Furthermore, organizations should consider adopting penetration testing methodologies to identify and remediate vulnerabilities before they can be exploited by attackers.

The significance of this vulnerability and its potential impact on organizations cannot be understated. A robust, systematic approach to security can help protect against future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-22968: Critical Vulnerability in D-Link DWR-M972V Firmware