VulnHub

Real-time Cybersecurity News

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

Security Affairs
Actively Exploited
CVEExploitVulnerabilityBotnet

Overview

The Mirai botnet is exploiting a newly discovered vulnerability in older D-Link routers, identified as CVE-2025-29635. This command injection flaw allows attackers to execute arbitrary commands through specially crafted POST requests. The vulnerability is particularly concerning because it affects discontinued models that many users may still have in operation. With the public disclosure of a proof-of-concept (PoC) exploit, the risk of widespread attacks increases, putting users who have not updated their devices at significant risk. It's crucial for affected users to take immediate action to secure their routers to prevent unauthorized access.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Discontinued D-Link routers that are vulnerable to CVE-2025-29635.
  • Action Required: Users should immediately update their D-Link routers to the latest firmware version provided by the manufacturer.
  • Timeline: Newly disclosed

Original Article Summary

Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without […]

Impact

Discontinued D-Link routers that are vulnerable to CVE-2025-29635.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should immediately update their D-Link routers to the latest firmware version provided by the manufacturer. If no updates are available, users should consider replacing their devices with supported models. Additionally, disabling remote management features and changing default credentials can help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability, and 1 more.

Read Original Article

Related Coverage

New Mirai campaign exploits RCE flaw in EoL D-Link routers

BleepingComputer

A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.

Apr 22, 2026

DDoS wave continues as Mastodon hit after Bluesky incident

Security Affairs

Mastodon experienced a significant DDoS attack shortly after Bluesky faced a similar disruption. Both platforms, which serve as decentralized social networking sites, were temporarily knocked offline due to these attacks. Mastodon managed to restore its services within a few hours, but the timing of these incidents raises concerns about the security of emerging social media platforms. DDoS attacks can severely impact user experience and trust, making it crucial for these services to enhance their defenses against such threats. Users and developers alike should remain vigilant as these incidents highlight the ongoing challenges in securing online communication tools.

Apr 22, 2026

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

The Hacker News

Researchers have discovered that malicious Docker images were uploaded to the official 'checkmarx/kics' repository on Docker Hub. Unknown attackers managed to overwrite existing tags such as v2.1.20 and alpine, and they also created a new tag, v2.1.21, which does not match any legitimate release. This poses a significant risk to users who may unknowingly download these compromised images, potentially exposing their systems to vulnerabilities. Companies relying on these Docker images for software development or deployment should take immediate action to ensure their environments are secure. This incident highlights the ongoing challenges in securing software supply chains against malicious actors.

Apr 22, 2026

The Supreme Court is about to decide how far geofence warrants can go

CyberScoop

The Supreme Court is set to rule on a significant legal case, Chatrie v. United States, which questions the legality of geofence warrants. Specifically, the court will address whether a single warrant can authorize a broad sweep of location data from many individuals in a given area. This case is crucial because it challenges the interpretation of 'probable cause' when law enforcement seeks to access location information from potentially everyone nearby. The outcome could have far-reaching implications for privacy rights and law enforcement practices, particularly in how they gather evidence during investigations. The decision may redefine the balance between public safety and individual privacy, impacting how similar cases are handled in the future.

Apr 22, 2026

The LiteLLM attack was a warning shot for Agentic AI supply chains

SCM feed for Latest

The LiteLLM attack serves as a significant warning for companies relying on Agentic AI supply chains. Researchers observed that this incident exposed vulnerabilities in how these AI systems are integrated and managed, suggesting that existing security measures are insufficient. As attackers increasingly target AI frameworks, organizations need to rethink their security strategies and adopt a more proactive approach to safeguard their data and resources. This incident is a wake-up call, urging teams to prioritize security in their AI operations to prevent potential breaches that could lead to severe consequences. The ramifications of this attack could affect various sectors, especially those heavily invested in AI technologies.

Apr 22, 2026

Spain dismantles major $4.7M manga piracy platform, arrests four

BleepingComputer

Spanish authorities have shut down a significant manga piracy platform that has been operating since 2014 and attracted millions of users worldwide each month. The operation, which involved four arrests, targeted a site that facilitated unauthorized access to manga content, impacting both creators and the publishing industry. This crackdown is part of broader efforts to combat online piracy, which poses financial risks to legitimate businesses and artists. By dismantling this platform, law enforcement aims to protect intellectual property rights and support the creative community. The case underscores the ongoing battle against digital piracy in the publishing sector.

Apr 22, 2026