Home / Vulnerability Intelligence / CVE-2025-70231

CVE-2025-70231 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 6, 2026

D-Link DIR-513 - Path Traversal

Published: March 5, 2026Updated: March 6, 2026PoC AvailableRemote Exploitable

Overview

D-Link DIR-513 1.10 contains a path traversal caused by improper filtering of the FILECODE parameter in /goform/getAuthCode during POST requests, letting attackers access arbitrary files remotely, exploit requires crafted POST request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 10.7%(Probability of exploitation in next 30 days)

Impact

Attackers can access arbitrary files on the device, potentially exposing sensitive information or system files.

Mitigation

Update to the latest firmware version provided by D-Link.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 8, 2026

🔴 CVE-2025-70231 - Critical (9.8) D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70231/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-70231
Severity: Critical
CVSS Score: 9.8
Type: path_traversal
Status: confirmed
EPSS: 10.7%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

10.7%Probability of exploitation in the next 30 days