CVE-2025-60558: n/a
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
AI Analysis
Technical Summary
CVE-2025-60558 identifies a buffer overflow vulnerability in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability resides in the formVirtualServ function, specifically through improper handling of the curTime parameter, which allows an attacker to overflow a buffer. This type of vulnerability (CWE-121) can lead to memory corruption, resulting in a denial of service (DoS) condition by crashing the device or potentially enabling further exploitation. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the vulnerability being remotely exploitable over the network without requiring privileges or user interaction. The impact is limited to availability, with no confidentiality or integrity loss reported. The vulnerability was reserved in late September 2025 and published in October 2025, with no patches or known exploits available at the time of reporting. The lack of authentication requirement and ease of remote exploitation make this a significant threat to affected devices. The D-Link DIR600L Ax is a consumer-grade router commonly used in home and small office environments, which may be deployed in European organizations with less stringent network perimeter controls.
Potential Impact
For European organizations, exploitation of CVE-2025-60558 could lead to denial of service on affected D-Link DIR600L Ax routers, disrupting network connectivity and potentially impacting business operations reliant on internet access or internal network routing. While the vulnerability does not compromise data confidentiality or integrity, the loss of availability could affect remote work, VoIP services, and other critical communications. Small businesses and home offices using this router model are particularly vulnerable due to typically weaker network segmentation and fewer security controls. The absence of known exploits reduces immediate risk, but the high severity score and ease of exploitation mean attackers could develop exploits quickly. Organizations in Europe relying on this hardware should consider the risk of targeted attacks, especially in sectors where network uptime is critical. The impact is more pronounced in environments lacking redundant network infrastructure or alternative connectivity options.
Mitigation Recommendations
1. Monitor D-Link’s official channels for firmware updates addressing this vulnerability and apply patches promptly once available.
2. Restrict remote access to router management interfaces by disabling WAN-side administration or limiting access via firewall rules and VPNs.
3. Implement network segmentation to isolate vulnerable routers from critical systems and sensitive data.
4. Use intrusion detection/prevention systems (IDS/IPS) to monitor for anomalous traffic patterns that could indicate exploitation attempts targeting the curTime parameter.
5. For organizations with affected devices, consider replacing the D-Link DIR600L Ax routers with models from vendors with active security support and patch management.
6. Educate IT staff about this vulnerability to ensure rapid response and incident handling if exploitation is suspected.
7. Regularly back up router configurations and maintain network redundancy to minimize downtime in case of device failure.
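As an added example (not part of the original advisory and not vendor code), the check below illustrates the monitoring described in recommendation 4: it parses the query string and form body of requests that reach formVirtualServ and flags curTime values that are oversized or non-numeric. The path prefix, the 32-character limit, the digits-only expectation and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumptions, not taken from the advisory: the handler name appears in the
# request path, and a legitimate curTime is a short run of ASCII digits.
HANDLER = "formVirtualServ"
PARAM = "curTime"
MAX_LEN = 32


def inspect_request(path: str, body: str) -> list[str]:
    """Return the reasons a request looks anomalous (empty list = clean)."""
    if HANDLER not in path:
        return []
    query = path.partition("?")[2]
    reasons = []
    # The parameter may arrive in the query string or the form body.
    for source in (query, body):
        for name, value in parse_qsl(source, keep_blank_values=True):
            if name != PARAM:
                continue
            if len(value) > MAX_LEN:
                reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_LEN}")
            if not (value.isascii() and value.isdigit()):
                reasons.append(f"{PARAM} is not purely numeric")
    return reasons


# Constructed sample requests as (path, body); "/PLACEHOLDER/" stands in for
# the real URL prefix, which the advisory does not give.
SAMPLES = [
    ("/PLACEHOLDER/formVirtualServ", "curTime=1761321200&enabled=1"),
    ("/PLACEHOLDER/formVirtualServ", "curTime=" + "A" * 400),
    ("/PLACEHOLDER/formVirtualServ?curTime=" + "9" * 64, ""),
    ("/PLACEHOLDER/otherForm", "curTime=" + "A" * 400),
]


def flagged(samples=SAMPLES) -> list[int]:
    """Indexes of the samples that should raise an alert."""
    return [i for i, (p, b) in enumerate(samples) if inspect_request(p, b)]


if __name__ == "__main__":
    for i in flagged():
        print(i, inspect_request(*SAMPLES[i]))
```

The same two conditions (length and character class of curTime on requests to this handler) can be expressed as an IDS/IPS or reverse-proxy rule once the real request path and a realistic value length have been confirmed on the device.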
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68fba0f053dd06bf20425526
Added to database: 10/24/2025, 3:53:20 PM
Last enriched: 10/31/2025, 4:36:59 PM
Last updated: 12/7/2025, 7:46:32 AM