A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command injection vulnerability in D-Link DIR-823X routers. The vulnerability affects end-of-life router models, allowing attackers to execute remote code execution attacks. Compromised devices are being enlisted into the Mirai botnet for malicious activities. The campaign targets unpatched routers that are no longer receiving security updates from D-Link. This represents an active threat to users of these legacy networking devices.