CVE-2025-10093 MEDIUM

CVE-2025-10093: D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure

Vendor D-Link

Product DIR-852

Weakness CWE-200 · Info exposure

Published September 8, 2025

Last update September 8, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

September 8, 2025 CVE published

September 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10093 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2025-10093: D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure

01Description

02Disclosure timeline

03References

04Related CVE