ONE Sentinel

New Mirai campaign exploits RCE flaw in EoL D-Link routers

Source: Bleeping Computer
April 22, 2026

EXECUTIVE SUMMARY

Mirai Botnet Exploits RCE Flaw in D-Link Routers

Summary

A new Mirai-based malware campaign is exploiting a high-severity vulnerability in D-Link DIR-823X routers. This vulnerability, CVE-2025-29635, allows attackers to enlist affected devices into a botnet.

Key Points

  • The campaign targets a command-injection vulnerability identified as CVE-2025-29635.
  • Affected devices are D-Link DIR-823X routers, which are end-of-life (EoL).
  • The vulnerability is classified as high-severity.
  • Exploitation allows remote code execution (RCE), giving attackers control of the devices.
  • The campaign is actively enlisting compromised routers into a Mirai botnet.

Analysis

The exploitation of CVE-2025-29635 in D-Link routers highlights the risk of running end-of-life hardware, which no longer receives security updates. That a Mirai botnet can use this vulnerability for remote code execution underscores the critical need for organizations to regularly update or replace outdated equipment.

Conclusion

IT professionals should immediately assess their network for any D-Link DIR-823X routers and replace them with supported models. Regularly updating hardware and software to supported versions is essential to protect against such vulnerabilities.