{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-10547","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","state":"PUBLISHED","assignerShortName":"certcc","dateReserved":"2025-09-16T11:35:24.694Z","datePublished":"2025-10-03T11:35:43.752Z","dateUpdated":"2025-11-04T22:06:30.559Z"},"containers":{"cna":{"title":"CVE-2025-10547","descriptions":[{"lang":"en","value":"An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption."}],"source":{"discovery":"UNKNOWN"},"affected":[{"vendor":"DrayTek Corporation","product":"Vigor1000B","versions":[{"status":"affected","version":"0","lessThan":"4.4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2962","versions":[{"status":"affected","version":"0","lessThan":"4.4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor3910","versions":[{"status":"affected","version":"0","lessThan":"4.4.3.6","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor3912","versions":[{"status":"affected","version":"0","lessThan":"4.4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2135","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2763","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2765","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2766","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2865","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2865 LTE Series","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2865L-5G Series","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2866","versions":[{"status":"affected","version":"1.0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2866 LTE","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2927","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor 2927 LTE","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2927L-5G","versions":[{"status":"affected","version":"0","lessThan":"4.5.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2915","versions":[{"status":"affected","version":"0","lessThan":"4.4.6.1","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2862","versions":[{"status":"affected","version":"0","lessThan":"3.9.9.12","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2862 LTE","versions":[{"status":"affected","version":"0","lessThan":"3.9.9.12","versionType":"custom"}]},{"vendor":"DrayTek Corporation","product":"Vigor2926","versions":[{"status":"affected","version":"0","lessThan":"3.9.9.12","versionType":"custom"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-456: Missing Initialization of a Variable"}]}],"references":[{"url":"https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/"}],"x_generator":{"engine":"VINCE 3.0.26","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2025-10547"},"providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2025-10-20T15:58:45.010Z"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-03T14:33:21.692268Z","id":"CVE-2025-10547","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-16T18:32:38.126Z"}},{"title":"CVE Program Container","references":[{"url":"https://www.kb.cert.org/vuls/id/294418"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T22:06:30.559Z"}}]}}