CVE-2025-4904 MEDIUM

CVE-2025-4904: D-Link DI-7003GV2 webgl.data sub_41F0FC information disclosure

Vendor D-Link

Product DI-7003GV2

Weakness CWE-200 · Info exposure

Published May 19, 2025

Last update May 19, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 19, 2025 CVE published

May 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4904

Related vulnerabilities

04Related CVE

CVE-2022-39029 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1 CVE-2020-26220 Information exposure in touchbase.ai CVE-2024-32780 WordPress VikRentCar Car Rental Management System plugin <= 1.3.2 - Sensitive Data Exposure via Invoices vulnerability CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure CVE-2022-40696 WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure