How severe is CVE-2025-2360?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2025-2360?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2025-2360 - MEDIUM Severity | CVSS 7.3

Vulnerability Description

A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Related Vulnerabilities

CVE-2023-3518

HIGH

CVSS:7.3(High)

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

CWE-2662023

CVE-2023-40109

HIGH

CVSS:7.3(High)

In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional exec...

CWE-2662023

CVE-2024-12782

MEDIUM

CVSS:7.3(High)

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /h...

CWE-2662024

CVE-2024-13030

MEDIUM

CVSS:7.3(High)

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/Se...

CWE-2662024

CVE-2024-13200

MEDIUM

CVSS:7.3(High)

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterc...

CWE-2662024

CVE-2024-45759

HIGH

CVSS:7.3(High)

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially explo...

CWE-2662024