Multiple Adobe Commerce and Magento Vulnerabilities

May 26, 2025

DOUBLELOADER Malware Evades Detection with ALCATRAZ – Active IOCs

May 26, 2025

Multiple D-Link DSL-3782 Vulnerabilities

May 26, 2025

Severity

High

Analysis Summary

CVE-2025-25891 CVSS:7.5

D-Link DSL-3782 is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially crafted packet, a remote attacker could overflow a buffer and cause the application to crash.

CVE-2025-25892 CVSS:9.8

D-Link DSL-3782 is vulnerable to a buffer overflow, caused by improper bounds checking for sstartip, sendip, dstartip, and dendip parameters. By sending a specially crafted packet, a remote attacker could overflow a buffer and cause the application to crash.

CVE-2025-25893 CVSS:9.8

D-Link DSL-3782 could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially-crafted request in the inIP, insPort, inePort, exsPort, exePort, and protocol parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2025-25894 CVSS:9.8

D-Link DSL-3782 could allow a remote attacker to execute arbitrary commands on the system, caused by a OS command injection vulnerability. By sending a specially crafted request in the samba_wg and samba_nbn parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2025-25895 CVSS:9.8

D-Link DSL-3782 could allow a remote attacker to execute arbitrary commands on the system, caused by a OS command injection vulnerability. By sending a specially crafted request in the public_type parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2025-25896 CVSS:9.8

D-Link DSL-3782 is vulnerable to a buffer overflow, caused by improper bounds checking for destination, netmask, and gateway parameters . By sending a specially crafted packet, a remote attacker could overflow a buffer and cause the application to crash.

Impact

Buffer Overflow
Gain Access

Indicators of Compromise

CVE

CVE-2025-25891
CVE-2025-25892
CVE-2025-25893
CVE-2025-25894
CVE-2025-25895
CVE-2025-25896

Affected Vendors

D-Link

Affected Products

D-Link DSL-3782 1.01

Remediation

Refer to the D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

iOS Activation Bug Allows Unauthenticated XML Injection

Critical Threat: Gunra Ransomware Targets Critical Sectors Worldwide – Active IOCs

Lyrix Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple Adobe Commerce and Magento Vulnerabilities

DOUBLELOADER Malware Evades Detection with ALCATRAZ – Active IOCs

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.