CVE-2025-60553

Critical

Published: 24 October 2025

Published

24 October 2025

Modified

28 October 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0019 40.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-60553 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Dir-600L Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates the curTime parameter to prevent buffer overflows from malformed input in formSetWAN_Wizard52.

SI-16 Memory Protection good match

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of the buffer overflow vulnerability.

SI-11 Error Handling partial match

prevent

Ensures proper error handling for buffer overflow attempts to avoid system crashes or information disclosure without revealing exploitable details.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in the router's web management interface (formSetWAN_Wizard52) enables remote code execution via exploitation of a public-facing application.

NVD Description

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.

Deeper analysisAI

CVE-2025-60553 is a buffer overflow vulnerability (CWE-120) affecting the D-Link DIR-600L Ax router on firmware version FW116WWb01. The flaw exists in the formSetWAN_Wizard52 function via the curTime parameter, which can be triggered to overflow buffers when processing malformed input.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network with low complexity, no required privileges or user interaction, and unchanged impact scope. Remote attackers can thus target affected devices without authentication, potentially achieving high impacts on confidentiality, integrity, and availability through buffer overflow consequences such as arbitrary code execution or system crashes.

Details on the vulnerability, including exploitation specifics for the formSetWAN_Wizard52 buffer overflow, are documented in a GitHub repository at https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/03-buffer%20overflow-formSetWAN_Wizard52.md. No vendor advisories or patches are referenced in the CVE publication dated 2025-10-24.

Details

CWE(s): CWE-120

Affected Products

dlink

dir-600l firmware

1.16wwb01

CVEs Like This One

CVE-2025-60554Same product: Dlink Dir-600L

CVE-2025-60548Same product: Dlink Dir-600L

CVE-2025-50670Same vendor: Dlink

CVE-2025-52222Same vendor: Dlink

CVE-2025-46108Same vendor: Dlink

CVE-2024-57376Same vendor: Dlink

CVE-2025-50650Same vendor: Dlink

CVE-2025-45058Same vendor: Dlink

CVE-2026-5982Same vendor: Dlink

CVE-2025-50672Same vendor: Dlink

References

https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/03-buffer%20overflow-formSetWAN_Wizard52.md
Third Party Advisory · cve@mitre.org