Cyber Resilience

CVE-2025-60679

High · Public PoC

Published: 13 November 2025

Modified: 17 November 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0033 (56.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-60679 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dlink Dir-816 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 43.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-60679 is a stack buffer overflow vulnerability (CWE-121) in the D-Link DIR-816A2 router firmware version DIR-816A2_FWv1.10CNB05_R1B011D88210.img, specifically within the upload.cgi module responsible for handling firmware version information. The flaw occurs when the contents of /proc/version are read into a 512-byte buffer and then concatenated via sprintf() into a second 512-byte buffer that already holds a 29-byte constant string. Inputs from /proc/version exceeding 481 bytes overrun the second buffer, leading to the overflow.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with low complexity and requiring only low privileges. An attacker able to control the content of /proc/version can trigger the overflow to potentially execute arbitrary code on the device, compromising confidentiality, integrity, and availability with high impact.
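A bounded alternative to the sprintf() concatenation described above, as an added example (not code from the firmware or from the referenced analysis). The prefix string and the function names are hypothetical stand-ins, so the length limit is computed from the buffer and prefix sizes rather than taken from the firmware.

```c
#include <stdio.h>
#include <string.h>

#define OUT_SIZE 512  /* destination buffer size stated in the advisory */

/* Hypothetical stand-in for the firmware's constant prefix (assumption). */
static const char PREFIX[] = "kernel-version: ";

/* Unbounded shape described in the text, shown only as a comment:
 *     sprintf(out, "%s%s", PREFIX, ver);   // ver length never checked
 */

/* Longest version string that still fits after the prefix and the NUL. */
size_t max_version_len(size_t out_size)
{
    size_t fixed = sizeof(PREFIX);  /* prefix bytes + terminating NUL */
    return out_size > fixed ? out_size - fixed : 0;
}

/* Bounded concatenation. Returns 0 on success, -1 if ver does not fit.
 * On failure out is left empty so callers never see truncated data. */
int build_version_line(char *out, size_t out_size, const char *ver)
{
    int n;
    if (out == NULL || ver == NULL || out_size == 0)
        return -1;
    n = snprintf(out, out_size, "%s%s", PREFIX, ver);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[OUT_SIZE];
    /* Constructed sample input, not a real device's /proc/version. */
    const char *sample = "Linux version 2.6.36 (constructed sample)";
    if (build_version_line(out, sizeof(out), sample) == 0)
        puts(out);
    return 0;
}
```

Rejecting the oversized input outright, instead of silently truncating it, also gives the caller a return value it can log when version data is unexpectedly long.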

References include D-Link vendor sites such as http://d-link.com, https://www.dlink.com/en, and https://www.dlink.com/en/security-bulletin/, along with a detailed analysis at https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-816/CVE-2025-60679.md, which may provide further guidance on advisories or patches.

EU & UK References

Vulnerability details

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The stack buffer overflow in the upload.cgi web module of the D-Link router firmware enables remote arbitrary code execution when oversized /proc/version content is processed, facilitating exploitation of public-facing applications and remote services.

CVEs Like This One

CVE-2026-4184 · Same product: Dlink Dir-816
CVE-2026-4182 · Same product: Dlink Dir-816
CVE-2026-4181 · Same product: Dlink Dir-816
CVE-2026-4183 · Same product: Dlink Dir-816
CVE-2026-8346 · Same product: Dlink Dir-816
CVE-2026-4180 · Same product: Dlink Dir-816
CVE-2024-57684 · Same product: Dlink Dir-816
CVE-2026-8345 · Same product: Dlink Dir-816
CVE-2026-8344 · Same product: Dlink Dir-816
CVE-2025-70223 · Same vendor: Dlink

Affected Assets

dlink
dir-816 firmware
1.10cnb05_r1b011d88210

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the CVE by identifying, reporting, and correcting the stack buffer overflow flaw in the router firmware through timely patching.

prevent

Implements memory safeguards like stack canaries, ASLR, and DEP to prevent arbitrary code execution from the stack buffer overflow.

prevent

Requires validation of /proc/version input length before concatenation to avoid exceeding the 512-byte buffer limit.

References