What is the CVSS score of CVE-2025-6369?

CVE-2025-6369 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Dir 619l Firmware are affected by CVE-2025-6369?

A critical remote code execution vulnerability affects unsupported D-Link DIR-619L routers (CVE-2025-6369) with a public exploit available.

Is there a public PoC exploit available for CVE-2025-6369?

Yes, a public proof-of-concept exploit is available for CVE-2025-6369. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-6369?

Within 24 hours: Inventory all D-Link DIR-619L devices in production and isolate any connected to critical networks; document business justification for any retained devices. Within 7 days: Begin replacement procurement for affected units; implement network segmentation to limit router access; block external access to the /goform/formdumpeasysetup endpoint via firewall. Within 30 days: Complete replacement of all DIR-619L devices with vendor-supported alternatives or decommission unsupported hardware; validate remediation across all network segments.

Dir 619l Firmware CVE-2025-6369

EUVD-2025-18792 HIGH

Buffer Overflow (CWE-119)

2025-06-20 cna@vuldb.com

Buffer Overflow D-Link RCE Dir 619l Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18792

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

PoC Detected

Jun 25, 2025 - 20:09 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 22:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

CVE-2025-6369 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L v2.06B01 affecting the /goform/formdumpeasysetup endpoint. An authenticated remote attacker can exploit improper input validation of the curTime or config.save_network_enabled parameters to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the affected product is end-of-life with no vendor support available.

Technical ContextAI

The vulnerability stems from CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The D-Link DIR-619L is a wireless router running proprietary firmware; the vulnerable function formdumpeasysetup handles form data submission for easy setup configuration. The affected endpoint /goform/formdumpeasysetup fails to properly validate the length of user-supplied input in the curTime and config.save_network_enabled parameters before copying them into fixed-size stack buffers. This allows an attacker to overflow the buffer and overwrite the stack, potentially enabling arbitrary code execution. The router's web interface processes these parameters without adequate bounds checking, a common vulnerability pattern in legacy embedded device firmware.

RemediationAI

Primary remediation options are severely limited due to end-of-life status: (1) Patch: No security patch is available from D-Link; v2.06B01 is the final firmware release for this model. (2) Upgrade: Organizations should migrate to a current, actively supported router model from D-Link or an alternative vendor that receives security updates. (3) Workarounds/Mitigations: (a) Restrict network access to the management interface by disabling remote administration and limiting local access to trusted networks only via firewall rules; (b) Implement network segmentation to isolate the router from critical systems; (c) Change default credentials and enforce strong authentication if possible; (d) Monitor network traffic for exploitation attempts targeting /goform/formdumpeasysetup; (e) Deploy intrusion detection/prevention signatures to detect buffer overflow patterns. (4) Compensating Controls: Place the device behind a WAF or proxy that validates input length; disable the easy setup functionality if the device web interface allows. Given the critical nature and lack of patches, immediate decommissioning of affected devices is strongly recommended.

CVE-2025-6369 vulnerability details – vuln.today

Back

Dir 619l Firmware CVE-2025-6369

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code