CLASSIFICATION: CYBER THREAT ASSESSMENT CVE-2025-29635 affects D-Link DIR-823X routers via unauthenticated command injection on the /goform/set_prohibiting endpoint, enabling arbitrary code execution when POST requests are crafted with malicious payloads. The vulnerability exploits insufficient input validation in the corresponding function module and poses elevated risk given that affected units are reportedly end-of-life or end-of-service with minimal vendor support availability. Remediation options are constrained; device replacement or complete network isolation from untrusted traffic should be prioritized pending patch availability confirmation from D-Link.