CVE-2025-60568: n/a
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
AI Analysis
Technical Summary
CVE-2025-60568 is a buffer overflow vulnerability identified in the D-Link DIR600L Ax router firmware version FW116WWb01. The vulnerability resides in the handling of the curTime parameter within the formAdvFirewall function. A stack-based buffer overflow (CWE-121) occurs when input data exceeds the size of the buffer allocated for it, potentially overwriting adjacent memory. In this case, the flaw can be triggered remotely without authentication or user interaction, as the vulnerable function processes network requests. Exploiting this vulnerability allows an attacker to cause a denial of service (DoS) by crashing or rebooting the router, resulting in loss of availability. The CVSS v3.1 base score is 7.5, reflecting network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), and high impact on availability (A:H). No patches or known exploits have been reported as of the publication date (October 24, 2025). Only firmware version FW116WWb01 is listed as affected; no other versions are listed. The absence of patches means affected users must rely on network-level mitigations until an official fix is released.
Potential Impact
For European organizations, the primary impact of CVE-2025-60568 is the potential disruption of network connectivity and services due to router crashes or reboots. This can affect both small office/home office (SOHO) environments and small businesses relying on the D-Link DIR600L Ax router for internet access and firewall functions. Loss of availability can lead to operational downtime, reduced productivity, and potential loss of business continuity. Although the vulnerability does not compromise data confidentiality or integrity, the denial of service can indirectly affect security monitoring and incident response capabilities. Organizations with remote management enabled on these routers are at higher risk, as attackers can exploit the vulnerability over the internet. The lack of known exploits currently limits immediate widespread impact, but the vulnerability's ease of exploitation and high severity score indicate a significant risk if weaponized.
Mitigation Recommendations
1. Immediately restrict remote access to the router's management interface by disabling WAN-side administration or limiting access to trusted IP addresses.
2. Implement network segmentation to isolate vulnerable routers from critical infrastructure and sensitive systems.
3. Deploy network intrusion detection and prevention systems (IDS/IPS) to monitor and block suspicious traffic targeting the formAdvFirewall function or unusual packets containing malformed curTime parameters.
4. Regularly monitor vendor communications and security advisories for firmware updates or patches addressing CVE-2025-60568 and apply them promptly once available.
5. Consider replacing affected routers with models from vendors with a stronger security track record if timely patches are not forthcoming.
6. Conduct internal network scans to identify devices running the vulnerable firmware version and maintain an accurate asset inventory.
7. Educate IT staff about the vulnerability and signs of exploitation to improve detection and response readiness.
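The monitoring step in item 3 can be prototyped as a log or proxy filter. The following is an added example, not code from the advisory or from D-Link: it flags requests that reach formAdvFirewall with an over-long or non-numeric curTime. The `/goform/` path prefix, the 32-character ceiling, the numeric-timestamp format and the record layout are assumptions to tune against known-good traffic from your own devices.

```python
import re
from urllib.parse import parse_qsl, urlsplit

HANDLER = "formAdvFirewall"  # function name given in the advisory
PARAM = "curTime"            # parameter name given in the advisory
MAX_LEN = 32                 # assumed ceiling for a legitimate value
VALID = re.compile(r"^[0-9]{1,%d}$" % MAX_LEN)  # assumed: numeric timestamp


def inspect_request(target, body=""):
    """Return a list of findings for one HTTP request line and body."""
    parts = urlsplit(target)
    if HANDLER.lower() not in parts.path.lower():
        return []
    # The parameter may arrive in the query string or a form-encoded body.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    values = [v for k, v in pairs if k == PARAM]
    findings = []
    if len(values) > 1:
        findings.append("duplicate curTime parameter")
    for value in values:
        if len(value) > MAX_LEN:
            findings.append(f"curTime length {len(value)} exceeds {MAX_LEN}")
        elif not VALID.match(value):
            findings.append("curTime is not a short numeric value")
    return findings


def scan(records):
    """records: iterable of (src_ip, method, target, body) tuples."""
    alerts = []
    for src, _method, target, body in records:
        for finding in inspect_request(target, body):
            alerts.append((src, target, finding))
    return alerts


# Constructed sample records (not captured from a real device).
SAMPLE = [
    ("192.0.2.10", "POST", "/goform/formAdvFirewall", "curTime=1761317858&x=1"),
    ("198.51.100.7", "POST", "/goform/formAdvFirewall", "curTime=" + "1" * 600),
    ("192.0.2.10", "GET", "/index.asp", ""),
    ("203.0.113.5", "POST", "/goform/formAdvFirewall", "curTime=12abc"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Because the advisory rates the flaw as reachable without authentication, alerts from WAN-side source addresses deserve the highest priority.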
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68fb93e23b281b3632d40dbd
Added to database: 10/24/2025, 2:57:38 PM
Last enriched: 10/31/2025, 3:06:40 PM
Last updated: 12/10/2025, 2:36:50 AM