A new Mirai malware campaign is exploiting a high-severity command-injection vulnerability (CVE-2025-29635) in D-Link DIR-823X routers, allowing attackers to execute arbitrary commands and enlist the devices into a botnet. The vulnerability affects routers that have reached end-of-life status and has been actively exploited since March 2026. Users are advised to upgrade to supported models and enhance their security configurations.
The key takeaway is that CVE-2025-29635, a high-severity RCE vulnerability in end-of-life D-Link DIR-823X routers, is being actively exploited to deploy Mirai-based malware. This highlights the critical importance of decommissioning unsupported devices and ensuring that network endpoints are not left vulnerable by outdated firmware. Proactively managing end-of-life equipment and maintaining an up-to-date asset inventory could prevent similar vulnerabilities from being exploited in your environment.