CVE-2025-60551 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability arises from improper handling of the next_page parameter within the formDeviceReboot function, which is part of the router's web management interface. This buffer overflow (classified under CWE-121) can be triggered remotely without requiring any authentication or user interaction, making it highly accessible to attackers. Exploiting this flaw allows an attacker to cause a denial of service (DoS) by crashing the router, thereby disrupting network availability. The CVSS v3.1 base score of 7.5 reflects a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). Although no exploits have been observed in the wild and no patches have been released at the time of publication, the vulnerability poses a significant risk to networks relying on this router model. The absence of patches necessitates proactive mitigation strategies. The vulnerability’s technical details indicate it was reserved in late September 2025 and published in October 2025, suggesting recent discovery. The router’s widespread use in consumer and small business environments increases the potential attack surface.

For European organizations, the primary impact of CVE-2025-60551 is the potential for denial of service attacks that can disrupt network connectivity and availability. This can affect both home office setups and small to medium enterprises that rely on the D-Link DIR600L Ax router for internet access and internal networking. Disruptions could lead to operational downtime, loss of productivity, and potential cascading effects on business-critical applications dependent on continuous network availability. While confidentiality and integrity are not directly impacted, the loss of availability can hinder communication, remote work, and access to cloud services. Critical infrastructure sectors that use these routers as part of their network edge devices may face increased risk of service outages. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation if the devices are exposed to untrusted networks. European organizations with limited network segmentation or exposed management interfaces are particularly vulnerable.

1. Immediately inventory all network devices to identify any D-Link DIR600L Ax routers running firmware FW116WWb01 or similar versions. 2. Restrict access to router management interfaces by implementing firewall rules that limit access to trusted internal IP addresses only. 3. Disable remote management features on affected routers to prevent external exploitation. 4. Monitor network traffic for unusual requests targeting the formDeviceReboot function or the next_page parameter. 5. Employ network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data systems. 6. Regularly check D-Link’s official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once available. 7. Consider replacing outdated or unsupported router models with devices that receive timely security updates. 8. Educate IT staff about this vulnerability and incorporate it into incident response plans to ensure rapid mitigation if exploitation attempts are detected.