CISA Warns of Actively Exploited D-Link Vulnerabilities in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has identified three additional vulnerabilities being actively exploited by threat actors, prompting their immediate inclusion in the Known Exploited Vulnerabilities (KEV) Catalog on August 5, 2025.

These Common Vulnerabilities and Exposures (CVEs) affect D-Link networking devices and represent significant security risks to both federal and private sector organizations.

The newly cataloged vulnerabilities include CVE-2020-25078, an unspecified vulnerability affecting D-Link DCS-2530L and DCS-2670L surveillance cameras, and CVE-2020-25079, a command injection vulnerability in the same device models.

Additionally, CVE-2022-40799 is a "download of code without integrity check" vulnerability in the D-Link DNR-322L network video recorder.

Command injection vulnerabilities like CVE-2020-25079 allow malicious actors to execute arbitrary commands on an affected device by supplying input that the device does not adequately validate before using it in a system command.

This attack vector enables unauthorized access to device configurations, potentially leading to complete system compromise.

The unspecified nature of CVE-2020-25078 suggests multiple attack pathways may exist within the affected firmware, while the missing integrity check behind CVE-2022-40799 allows threat actors to install malicious code without detection.

These Internet of Things (IoT) devices commonly serve as entry points for lateral network movement, making them high-value targets for Advanced Persistent Threat (APT) groups and cybercriminals seeking to establish persistent network access.

Federal Agencies Face Mandatory Remediation

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must implement immediate remediation measures for these newly identified vulnerabilities within specified timeframes.

The directive establishes the KEV Catalog as an authoritative resource for vulnerability prioritization, requiring agencies to patch or mitigate known exploited vulnerabilities before addressing other security issues.

CISA strongly recommends that private sector organizations adopt similar vulnerability management practices, prioritizing KEV Catalog entries in their patch management workflows.

Organizations should immediately audit their networks for affected D-Link devices and implement available firmware updates or compensating controls such as network segmentation and access control lists (ACLs).
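One way to start the audit recommended above, as an added example that is not from CISA or the article's author: it matches an asset inventory against the three device models and CVE IDs named in this article and lists unsegmented devices first. The inventory columns, hostnames, addresses and the `ISOLATED_SEGMENTS` set are constructed assumptions.

```python
import csv
import io
import re

# Affected models and CVE IDs as listed in the article.
AFFECTED = {
    "DCS2530L": ["CVE-2020-25078", "CVE-2020-25079"],
    "DCS2670L": ["CVE-2020-25078", "CVE-2020-25079"],
    "DNR322L": ["CVE-2022-40799"],
}
# Assumption: segments that are already isolated behind ACLs.
ISOLATED_SEGMENTS = {"cctv-vlan"}
# Tolerates "DCS-2530L", "dcs 2670l rev A1"; rejects "DCS-2530" and "DCS-2530LH".
MODEL_RE = re.compile(r"\b(DCS|DNR)[\s_-]?(\d{3,4}L)\b")

# Constructed sample inventory export (hypothetical hosts, RFC 5737 addresses).
SAMPLE_INVENTORY = """\
host,ip,vendor,model,segment
cam-lobby,192.0.2.10,D-Link,DCS-2530L,cctv-vlan
cam-dock,192.0.2.11,d-link,dcs 2670l rev A1,corp-lan
nvr-01,192.0.2.20,D-Link Corp.,DNR-322L,corp-lan
cam-roof,192.0.2.12,D-Link,DCS-2530,cctv-vlan
sw-core,192.0.2.1,Cisco,C9300,mgmt
cam-gate,192.0.2.13,Unknown,DCS-2530L,corp-lan
"""

def audit(inventory_csv, isolated=ISOLATED_SEGMENTS):
    """Return one finding per inventory row whose model is in AFFECTED."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        m = MODEL_RE.search(row["model"].upper())
        key = m.group(1) + m.group(2) if m else None
        if key not in AFFECTED:
            continue
        vendor = re.sub(r"[^A-Z]", "", row["vendor"].upper())
        findings.append({
            "host": row["host"], "ip": row["ip"],
            "model": key, "cves": AFFECTED[key],
            # Inventories often carry a wrong vendor: match on model, flag doubt.
            "vendor_confirmed": "DLINK" in vendor,
            "segmented": row["segment"] in isolated,
        })
    # Unsegmented devices first: they lack the compensating control.
    findings.sort(key=lambda f: (f["segmented"], f["host"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f["host"], f["ip"], f["model"], ",".join(f["cves"]),
              "segmented" if f["segmented"] else "UNSEGMENTED")
```

Matching on the model string rather than the vendor field keeps mislabeled devices such as `cam-gate` in the results; `vendor_confirmed` marks them for manual verification.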

The inclusion of these vulnerabilities underscores the ongoing threat landscape targeting legacy IoT infrastructure, emphasizing the critical importance of maintaining current security postures across all network-connected devices.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
