CVE-2025-12295 HIGH

CVE-2025-12295: D-Link DAP-2695 Firmware Update sub_40C6B8 signature verification

Vendor D-Link
Product DAP-2695
Weakness CWE-347
Published October 27, 2025
Last update October 27, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

October 27, 2025 CVE published
October 27, 2025 Record updated