A recently discovered Mirai-based malware campaign is leveraging a high-severity command-injection vulnerability, identified as CVE-2025-29635, to compromise end-of-life D-Link DIR-823X routers and recruit them into its botnet. This vulnerability allows for remote code execution, enabling attackers to gain control over affected devices. The campaign's success hinges on the exploitation of this flaw, which was previously undisclosed, to expand its reach and enlist more devices. The affected D-Link routers are no longer supported, making them more vulnerable to such attacks. As a result, the active attack surface has increased, with potential consequences for networks that have not taken measures to mitigate this vulnerability1. This development matters to security practitioners because it highlights the need to prioritize vulnerability management based on exposure and exploitation evidence, particularly for devices that are no longer receiving security updates.