How severe is CVE-2025-4341?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-4341?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-4341 - MEDIUM Severity | CVSS 9.8

Vulnerability Description

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Related Vulnerabilities

CVE-2005-3056

CRITICAL

CVSS:9.8(Critical)

TWiki allows arbitrary shell command execution via the Include function

CWE-742005

CVE-2011-2717

CRITICAL

CVSS:9.8(Critical)

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message...

CWE-742011

CVE-2012-1495

CRITICAL

CVSS:9.8(Critical)

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

CWE-742012

CVE-2013-1437

CRITICAL

CVSS:9.8(Critical)

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

CWE-742013

CVE-2013-2010

CRITICAL

CVSS:9.8(Critical)

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

CWE-742013

CVE-2013-2095

CRITICAL

CVSS:9.8(Critical)

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

CWE-742013