CVE-2025-65288

6.5 MEDIUM

📋 TL;DR

A buffer overflow vulnerability in Mercury MR816v2 routers allows attackers to crash devices or potentially execute arbitrary code by sending crafted long hostnames. This affects LAN hosts that can communicate with the vulnerable router. The vulnerability stems from improper length validation when processing hostnames.

💻 Affected Systems

Products:
  • Mercury MR816v2
Versions: 4.8.7 Build 110427 Rel 36550n
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement within the network.

🟠 Likely Case

Denial of service causing router crashes and network disruption, requiring manual reboots to restore functionality.

🟢 If Mitigated

Limited to denial of service with automatic recovery if the device has watchdog timers, but still causes temporary network outages.

🌐 Internet-Facing: LOW (The vulnerability requires LAN access; routers typically don't accept hostnames from WAN interfaces for this function)
🏢 Internal Only: HIGH (Any compromised device on the LAN can exploit this vulnerability to attack the router)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific hostname payloads and sending them to the router, but no public exploit code is available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://damiri.fr/en/cve/CVE-2025-65288

Restart Required: Yes

Instructions:

1. Check the vendor website for firmware updates.
2. Download the latest firmware if available.
3. Upload it via the router admin interface.
4. Reboot the router after the update.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate the vulnerable router from untrusted devices using VLANs or separate network segments.

Hostname Length Restriction (applies to: all)

Configure the DHCP server to restrict hostname length for clients (if supported).

🧯 If You Can't Patch

  • Replace affected router with updated model or different vendor
  • Implement strict network access controls to limit which devices can communicate with the router

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface: should show '4.8.7 Build 110427 Rel 36550n'

Check Version:

Log in to the router admin interface and check the System Status or Firmware Information page.

Verify Fix Applied:

Verify firmware version has changed from vulnerable version after update

📡 Detection & Monitoring

Log Indicators:

  • Router crash/reboot logs
  • Unusual hostname registration attempts
  • Buffer overflow error messages in system logs

Network Indicators:

  • Unusually long hostname in DHCP requests
  • Router becoming unresponsive
  • Multiple connection resets
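The "unusually long hostname in DHCP requests" indicator above can be checked directly on captured DHCP traffic. The following parser is an added example written for this page, not code from the advisory or the vendor: it walks the DHCP option fields of a raw message, extracts the Host Name option (option 12), and flags names longer than an assumed threshold (63 bytes, the RFC 1035 label limit, which real clients rarely approach). The sample DISCOVER message is constructed inline purely to exercise the detector.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie that precedes the options
OPT_PAD, OPT_HOST_NAME, OPT_END = 0, 12, 255
# Assumed alert threshold: DNS labels are at most 63 bytes and typical DHCP
# clients send far shorter names, so anything longer deserves a closer look.
MAX_EXPECTED_HOSTNAME = 63


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} for the options in a raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (missing magic cookie)")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:     # option claims more bytes than remain
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def hostname_alert(packet: bytes, limit: int = MAX_EXPECTED_HOSTNAME):
    """Return (hostname_length, is_suspicious), or None if no Host Name option is present."""
    opts = parse_dhcp_options(packet)
    if OPT_HOST_NAME not in opts:
        return None
    n = len(opts[OPT_HOST_NAME])
    return n, n > limit


def build_discover(hostname: bytes) -> bytes:
    """Constructed sample DHCP DISCOVER carrying option 12; exists only to feed the detector."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4))
    fixed += bytes(16) + bytes(64) + bytes(128)          # chaddr, sname, file
    opts = bytes([53, 1, 1])                              # DHCP Message Type = DISCOVER
    opts += bytes([OPT_HOST_NAME, len(hostname)]) + hostname
    return fixed + DHCP_MAGIC + opts + bytes([OPT_END])
```

A single option field carries at most 255 bytes, so clients that split longer names across several option-12 instances (RFC 3396) would need the values concatenated before the length check.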

SIEM Query:

source="router_logs" AND ("crash" OR "reboot" OR "buffer overflow")
