CVE-2025-60559 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability arises from improper handling of the curTime parameter within the formSetDomainFilter function, which leads to a stack-based buffer overflow (CWE-121). This flaw can be triggered remotely over the network without requiring any authentication or user interaction, making it highly exploitable. The impact of this vulnerability is primarily on availability, as exploitation causes the device to crash or reboot, resulting in denial of service (DoS). The CVSS v3.1 score of 7.5 reflects the high severity due to network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). There is no indication of confidentiality or integrity compromise. No patches or firmware updates have been published at the time of disclosure, and no active exploits have been observed in the wild. The affected device is a widely used consumer-grade router, which may be deployed in small offices and home environments, potentially serving as a gateway to enterprise networks. The vulnerability's exploitation could disrupt network connectivity and availability of services relying on this hardware.

For European organizations, the primary impact of CVE-2025-60559 is the potential denial of service caused by router crashes. This can disrupt internet connectivity, internal network access, and critical business operations dependent on continuous network availability. Small and medium enterprises (SMEs) and home office setups using the affected D-Link DIR600L Ax routers are particularly vulnerable. The disruption could also affect remote work capabilities and VoIP or VPN services relying on these routers. Although no data confidentiality or integrity loss is reported, the availability impact can lead to operational downtime and potential financial losses. Additionally, if attackers leverage this vulnerability as part of a larger attack chain, it could facilitate lateral movement or network reconnaissance. The lack of patches increases the risk window, emphasizing the need for proactive mitigation. European sectors with high reliance on consumer-grade networking equipment, such as education, healthcare, and small business sectors, may face elevated risks.

1. Immediately restrict remote management access to the D-Link DIR600L Ax routers by disabling WAN-side administration or limiting access via firewall rules. 2. Monitor D-Link's official channels for firmware updates addressing this vulnerability and apply patches promptly once available. 3. Implement network segmentation to isolate vulnerable routers from critical infrastructure and sensitive systems. 4. Employ intrusion detection/prevention systems (IDS/IPS) to detect anomalous traffic patterns targeting router management interfaces. 5. Conduct regular network device inventories to identify and track affected devices within the organization. 6. Educate users and administrators about the risks of exposing router management interfaces to the internet. 7. Consider replacing affected routers with models from vendors with robust security update practices if patching is delayed. 8. Use VPNs or secure tunnels for remote access instead of exposing router interfaces directly. These measures go beyond generic advice by focusing on access control, monitoring, and network architecture adjustments specific to this vulnerability.