CVE-2025-12295 · HIGH 8.1 · EPSS p28.1%

Description

A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Manipulation can lead to improper verification of a cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex, and exploitability is described as difficult. An exploit has been made available to the public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% probability of exploitation · percentile 28.1% · 2026-06-19T12:03:05Z
Published: 2025-10-27
Last modified: 2025-11-03

Underlying weaknesses · 2

CWE-345, CWE-347

References

  1. https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695_Inte.md
  2. https://vuldb.com/?ctiid.329963
  3. https://vuldb.com/?id.329963
  4. https://vuldb.com/?submit.675854
  5. https://www.dlink.com/

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Insufficient Verification of Data Authenticity (cwe-345) | 0% | live |
| Weakness | Improper Verification of Cryptographic Signature (cwe-347) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-12296
  - CVE-2025-11665
  - CVE-2025-6292
  - CVE-2025-2619
  - CVE-2025-10666
  - CVE-2025-2618

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.