CVE-2025-6158 is a critical security vulnerability identified in the D-Link DIR-665 router, specifically version 1.00. The flaw exists in the HTTP POST Request Handler component, within the function sub_AC78, where improper input validation leads to a stack-based buffer overflow. This type of vulnerability allows an attacker to overwrite the stack memory, potentially enabling arbitrary code execution or causing a denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, increasing the risk of widespread exploitation. Although the affected product is no longer supported by D-Link, the exploit code has been publicly disclosed, raising the likelihood of active attacks. The CVSS 4.0 base score is 8.7, reflecting high severity due to the network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality, integrity, and availability with high impact, as successful exploitation could allow attackers to take full control of the device or disrupt its operation. No official patches or mitigations are available from the vendor since the product is out of support, complicating remediation efforts for affected users.

European organizations relying on the D-Link DIR-665 router version 1.00 face significant risks from this vulnerability. Compromise of these devices could lead to unauthorized access to internal networks, interception or manipulation of sensitive data, and disruption of network services. This is particularly critical for small and medium enterprises (SMEs), home offices, and branch offices that may still use this legacy hardware due to budget constraints or lack of awareness. The ability to remotely exploit the vulnerability without authentication means attackers can scan and compromise vulnerable devices en masse, potentially using them as footholds for further attacks or as part of botnets. Given the lack of vendor support, organizations cannot rely on firmware updates, increasing exposure duration. The impact extends to critical infrastructure sectors if such devices are deployed in operational environments, potentially affecting availability and safety. Additionally, the public disclosure of exploit code increases the urgency for mitigation to prevent exploitation by less skilled threat actors.

Since no official patches are available, affected organizations should prioritize immediate network-level mitigations. These include isolating the vulnerable routers from direct internet exposure by placing them behind firewalls or VPNs, and restricting access to the device’s management interface to trusted IP addresses only. Network administrators should monitor for unusual traffic patterns indicative of exploitation attempts, such as abnormal HTTP POST requests targeting the router. Where possible, organizations should replace the DIR-665 devices with currently supported models that receive security updates. If replacement is not immediately feasible, disabling remote management features and limiting administrative access to local networks can reduce attack surface. Employing network intrusion detection systems (NIDS) with signatures for known exploit attempts can provide early warning. Regularly auditing network devices to identify legacy hardware is essential to maintain an accurate asset inventory and prioritize upgrades. Finally, educating users about the risks of unsupported devices and encouraging timely hardware refresh cycles will help prevent similar vulnerabilities from persisting.