By Lyrie Threat Intelligence · 8/5/2025

What happened

CISA added CVE-2020-25078 to the Known Exploited Vulnerabilities (KEV) catalog, signaling confirmed exploitation in the wild and mandatory remediation for U.S. federal agencies (CISA KEV). The entry covers D-Link DCS-2530L and DCS-2670L network camera devices and describes an unspecified flaw that could allow remote administrator password disclosure (CISA KEV). The same affected products and CVE assignment are reflected in the public records for CVE-2020-25078 (NVD, MITRE).

The KEV entry lists a date added of 2025-08-05 and sets a remediation due date of 2025-08-26 for impacted federal environments (CISA KEV). CISA’s notes caution that the impacted products could be end-of-life (EoL) and/or end-of-service (EoS), and recommend users discontinue use if mitigations are unavailable (CISA KEV). The vulnerability remains cataloged under CVE-2020-25078 and associated with the specified D-Link device models in the national vulnerability repositories (NVD, MITRE).

Why it matters

Inclusion in KEV means exploitation has been observed and remediation is prioritized over routine patch cycles by policy and practice for federal entities (CISA KEV). The cited impact—remote administrator password disclosure—directly targets the highest-privilege credentials on affected devices, heightening risk concentration on the perimeter where these cameras commonly sit (CISA KEV). When products are EoL/EoS, security fixes may be unavailable or incomplete, which is why CISA explicitly recommends discontinuation if no mitigations exist (CISA KEV).

The CVE identifier dates to 2020, underscoring that aging device fleets can remain exploitable for years until active abuse forces response prioritization (MITRE). Both NVD and MITRE maintain the canonical CVE record and affected product linkage, supporting asset identification and governance workflows that must act before the KEV due date (NVD, MITRE, CISA KEV).

Technical detail

The vulnerability is tracked as CVE-2020-25078 and assigned to D-Link DCS-2530L and DCS-2670L devices in the public CVE registries (NVD, MITRE). CISA characterizes it as an unspecified issue that could permit disclosure of the administrator password remotely, without detailing the exact vector in the KEV summary (CISA KEV). The KEV entry further notes that the impacted products could be EoL/EoS and advises users to discontinue utilization if mitigations are unavailable (CISA KEV).

Public records for this CVE establish the mapping between the identifier and the affected D-Link models, enabling defenders to align inventory to the KEV directive even in the absence of a full technical exploit breakdown in the catalog entry (NVD, MITRE, CISA KEV). The KEV entry also lists known ransomware campaign use as “Unknown,” reinforcing that exploitation is happening but attribution or use-case taxonomy may be incomplete at this time (CISA KEV).

Defense

CISA’s required action is explicit: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance where relevant, or discontinue use if mitigations are unavailable (CISA KEV). For covered agencies, remediation is due by 2025-08-26 in accordance with the KEV schedule, which should be treated as a hard operational deadline (CISA KEV). Where devices are EoL/EoS, prioritize decommissioning and replacement to satisfy the KEV directive and remove unsupported risk from the environment (CISA KEV).

Operationally, teams should map assets against the affected product identifiers “DCS-2530L” and “DCS-2670L” to drive targeted response, leveraging the canonical CVE records to ensure accurate matching in CMDB and discovery tooling (NVD, MITRE). Treat this KEV item as a blocker for change windows and emergency maintenance where necessary, as exploitation has been observed and the risk is active until mitigated or removed (CISA KEV).
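
The asset-mapping step described above, sketched as an added example (not Lyrie's or CISA's code). The KEV record uses the field names of CISA's KEV JSON feed with the values quoted in this article; the inventory rows, host names and function names are constructed for illustration.

```python
import json
import re
from datetime import date

# Constructed record: field names follow CISA's KEV JSON feed; the values
# are the ones quoted in this article, not a live download.
KEV_ENTRY = json.loads("""{
  "cveID": "CVE-2020-25078", "vendorProject": "D-Link",
  "product": "DCS-2530L and DCS-2670L",
  "dateAdded": "2025-08-05", "dueDate": "2025-08-26",
  "knownRansomwareCampaignUse": "Unknown"
}""")

# Constructed inventory rows standing in for a CMDB or discovery export.
INVENTORY = [
    {"host": "cam-lobby-01", "model": "D-Link DCS-2530L rev A1"},
    {"host": "cam-dock-02", "model": "dcs 2670l"},
    {"host": "cam-roof-03", "model": "D-Link DCS-2530"},   # different model
    {"host": "sw-core-01", "model": "DGS-1210-28"},        # not a camera
]

def affected_models(entry):
    """Pull model identifiers out of the product string, normalized."""
    found = re.findall(r"[A-Z]{2,4}-\d{3,4}[A-Z]*", entry["product"])
    return {m.replace("-", "").lower() for m in found}

def model_candidates(raw):
    """Tokens of a free-text model field, plus adjacent pairs ('dcs 2670l')."""
    toks = re.findall(r"[a-z0-9]+", raw.lower().replace("-", ""))
    return set(toks) | {a + b for a, b in zip(toks, toks[1:])}

def match_assets(entry, inventory, today):
    """Return affected assets with days remaining until the KEV due date."""
    models = affected_models(entry)
    days_left = (date.fromisoformat(entry["dueDate"]) - today).days
    return [
        {"host": a["host"], "cve": entry["cveID"], "due": entry["dueDate"],
         "days_left": days_left, "overdue": days_left < 0}
        for a in inventory
        if models & model_candidates(a["model"])
    ]

if __name__ == "__main__":
    for hit in match_assets(KEV_ENTRY, INVENTORY, date.today()):
        print(hit)
```

Matching on whole normalized tokens rather than substrings keeps a near-miss such as "DCS-2530" from being flagged while still catching spacing and case variants of the two affected models.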

Lyrie Verdict

Credential disclosure on unmanaged edge devices is precisely the kind of condition that benefits from autonomous, machine-speed enforcement. Lyrie continuously ingests KEV updates and correlates asset fingerprints to affected product strings (e.g., DCS-2530L/DCS-2670L) for CVE-2020-25078, then flags them as KEV-critical for immediate action (CISA KEV, NVD, MITRE). For fleets where mitigations aren’t available due to EoL/EoS, Lyrie’s autonomous policies can quarantine these assets or route them into removal workflows in alignment with the KEV deadline and guidance, reducing human-in-the-loop lag where attackers are already exploiting the issue (CISA KEV).

Lyrie ingests KEV in real time and auto-correlates assets reporting DCS-2530L/DCS-2670L against CVE-2020-25078, triggering KEV-critical workflows. Where CISA notes EoL/EoS and advises discontinuation if no mitigations exist, Lyrie can auto-quarantine and route removal tasks to meet the KEV due date without waiting for human triage.