CVE-2025-60565 is a buffer overflow vulnerability classified under CWE-121, discovered in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability arises from improper handling of the curTime parameter within the formSchedule function, which can be exploited remotely over the network without any authentication or user interaction. This flaw allows an attacker to send specially crafted requests that overflow the buffer, leading to a denial of service condition by crashing or destabilizing the router. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but a high impact on availability (A:H). There are currently no known exploits in the wild, and no patches have been released at the time of publication. The vulnerability affects the specific firmware version FW116WWb01, but the exact range of affected versions is not detailed. The router model DIR600L Ax is commonly used in home and small office environments, making it a target for attackers aiming to disrupt network availability. The absence of authentication requirements and the ease of exploitation increase the risk of widespread denial of service attacks against vulnerable devices.

For European organizations, the primary impact of CVE-2025-60565 is the potential for denial of service attacks against network infrastructure relying on the D-Link DIR600L Ax routers. This can lead to network outages, loss of internet connectivity, and disruption of business operations, especially for small offices and home office setups where this router is deployed. While the vulnerability does not compromise confidentiality or integrity, the availability impact can affect productivity and critical communications. In sectors such as finance, healthcare, and government, where network reliability is crucial, such disruptions could have cascading operational consequences. Additionally, denial of service conditions may be exploited as part of larger multi-vector attacks or to mask other malicious activities. The lack of known exploits currently provides a window for proactive mitigation, but the ease of exploitation means attackers could develop exploits rapidly once the vulnerability becomes widely known.

Since no official patches are currently available, organizations should first inventory and identify all D-Link DIR600L Ax routers running firmware FW116WWb01. Immediate mitigation steps include restricting remote access to the router's management interfaces by implementing network segmentation and firewall rules that block unsolicited inbound traffic to the device. Disabling any unnecessary remote management features and services can reduce the attack surface. Monitoring network traffic for unusual patterns targeting the formSchedule function or curTime parameter may help detect exploitation attempts. Organizations should engage with D-Link support channels to obtain firmware updates or advisories and apply patches as soon as they are released. For critical environments, consider replacing vulnerable devices with models confirmed to be unaffected or with vendor support for timely security updates. Additionally, educating users about the risks and ensuring secure configuration practices can help mitigate exploitation risks.