PatchSiren cyber security CVE debrief
CVE-2025-29635 D-Link CVE debrief
CVE-2025-29635 is a D-Link DIR-823X command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-04-24. Because it is listed in KEV, defenders should treat it as a high-priority remediation item and follow vendor mitigation guidance or discontinue use of the product if mitigations are unavailable.
- Vendor: D-Link
- Product: DIR-823X
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2026-04-24
- Original CVE updated: 2026-04-24
- Advisory published: 2026-04-24
- Advisory updated: 2026-04-24
Who should care
Organizations that own, manage, or expose D-Link DIR-823X devices should care immediately, especially security teams, network administrators, and anyone responsible for internet-facing edge devices or small-office/home-office routers.
Technical summary
The available source corpus identifies the issue as a command injection vulnerability affecting the D-Link DIR-823X. CISA’s KEV entry records the product, vulnerability name, date added, and a remediation requirement pointing to vendor instructions. No CVSS score or deeper technical exploitation details were provided in the supplied sources.
Defensive priority
High. CISA has placed this CVE in the Known Exploited Vulnerabilities catalog, which makes it time-sensitive. The due date in the KEV record is 2026-05-08.
Recommended defensive actions
- Apply mitigations per D-Link’s vendor instructions referenced by CISA.
- Prioritize remediation before the CISA KEV due date of 2026-05-08.
- If mitigations are unavailable, discontinue use of the D-Link DIR-823X as CISA advises.
- Inventory all DIR-823X devices and confirm whether any are exposed to untrusted networks.
- Monitor vendor and CISA guidance for updated remediation steps or product-specific notices.
Evidence notes
CISA’s KEV source entry explicitly lists CVE-2025-29635 as “D-Link DIR-823X Command Injection Vulnerability,” with vendorProject D-Link, product DIR-823X, dateAdded 2026-04-24, and dueDate 2026-05-08. The KEV metadata also cites a D-Link support announcement labeled SAP10469 and the NVD CVE detail page as supporting references. No CVSS score was supplied in the corpus.
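The inventory and deadline steps above can be scripted against the KEV fields named in this note. This is an added example, not code from CISA, D-Link or this page's source. The KEV record is constructed from the values quoted here, and the inventory rows, host names and the `wan_mgmt` flag (management reachable from an untrusted network) are hypothetical.

```python
import json
from datetime import date

# Constructed KEV record: keys follow CISA's KEV JSON feed, values are the
# ones quoted on this page.
KEV_RECORD = json.loads("""{
  "cveID": "CVE-2025-29635",
  "vendorProject": "D-Link",
  "product": "DIR-823X",
  "vulnerabilityName": "D-Link DIR-823X Command Injection Vulnerability",
  "dateAdded": "2026-04-24",
  "dueDate": "2026-05-08"
}""")

# Constructed asset inventory (hypothetical hosts and schema).
INVENTORY = [
    {"host": "lab-ap-02", "vendor": "d-link", "model": "dir-823x ", "wan_mgmt": False},
    {"host": "branch-gw-01", "vendor": "D-Link", "model": "DIR-823X", "wan_mgmt": True},
    {"host": "hq-fw-01", "vendor": "ExampleCo", "model": "FW-100", "wan_mgmt": True},
]

def _norm(value):
    # Inventory exports rarely agree on case or whitespace; compare normalized.
    return value.strip().casefold()

def triage(inventory, kev, today):
    """Return devices matching the KEV entry, exposed ones first,
    each with the days remaining until the KEV dueDate."""
    days_left = (date.fromisoformat(kev["dueDate"]) - today).days
    hits = []
    for dev in inventory:
        same_vendor = _norm(dev["vendor"]) == _norm(kev["vendorProject"])
        same_model = _norm(dev["model"]) == _norm(kev["product"])
        if same_vendor and same_model:
            hits.append({
                "host": dev["host"],
                "cve": kev["cveID"],
                "exposed": bool(dev["wan_mgmt"]),
                "days_left": days_left,
                "overdue": days_left < 0,
            })
    # Exposed devices sort to the top of the remediation queue.
    hits.sort(key=lambda h: (not h["exposed"], h["host"]))
    return hits

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV_RECORD, date.today()):
        print(row)
```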
Official resources
- CVE-2025-29635 CVE record (CVE.org)
- CVE-2025-29635 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
CVE published on 2026-04-24. The CISA KEV entry for this CVE was also added on 2026-04-24.