What is the CVSS score of CVE-2025-6374?

CVE-2025-6374 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Dir 619l Firmware are affected by CVE-2025-6374?

D-Link DIR-619L routers (2.06B01) contain a critical stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication.

Is there a public PoC exploit available for CVE-2025-6374?

Yes, a public proof-of-concept exploit is available for CVE-2025-6374. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-6374?

Within 24 hours: Inventory all DIR-619L 2.06B01 devices in your network and isolate any found from production environments or restrict administrative access to trusted networks only. Within 7 days: Develop a device replacement plan and timeline, prioritizing routers with direct internet exposure. Within 30 days: Complete replacement of all DIR-619L units with supported, current-generation equipment and validate network segmentation to limit blast radius if legacy devices remain temporarily.

Dir 619l Firmware CVE-2025-6374

EUVD-2025-28731 HIGH

Buffer Overflow (CWE-119)

2025-06-21 cna@vuldb.com

Buffer Overflow D-Link RCE Dir 619l Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 21:35 euvd

EUVD-2025-28731

Analysis Generated

Mar 15, 2026 - 21:35 vuln.today

PoC Detected

Jun 25, 2025 - 20:10 vuln.today

Public exploit code

CVE Published

Jun 21, 2025 - 01:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

CVE-2025-6374 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01, affecting the formSetACLFilter function's curTime parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. Public exploit code exists for this end-of-life product, making it an immediate concern for organizations still operating legacy D-Link equipment.

Technical ContextAI

This vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The vulnerable endpoint /goform/formSetACLFilter in D-Link DIR-619L's web management interface fails to properly validate the length of the 'curTime' parameter before copying it into a fixed-size stack buffer. The DIR-619L is a legacy WLAN router (CPE likely: cpe:2.3:h:dlink:dir-619l:-:*:*:*:*:*:*:*) running embedded Linux with a custom web interface. The vulnerability exists in the firmware's CGI handler that processes Access Control List (ACL) filter configuration requests. Without proper bounds checking, an attacker can overflow the stack, overwriting return addresses and other critical data structures to redirect execution flow.

RemediationAI

No official patch will be released by D-Link for this end-of-life product. Recommended actions: (1) Immediate: Disable remote management access to the router's web interface by disabling WAN-side access to port 80/443 via firewall rules; (2) Network isolation: Segregate affected routers to restricted network segments with minimal trust; (3) Access control: Enforce strong authentication credentials and disable default accounts; (4) Replacement: Migrate to current D-Link router models with active vendor support and security updates; (5) Monitoring: Deploy network IDS/IPS rules to detect exploitation attempts targeting /goform/formSetACLFilter with oversized curTime parameters; (6) Workaround: Restrict web interface access to trusted local networks only and disable any remote management features.

CVE-2025-6374 vulnerability details – vuln.today

Back

Dir 619l Firmware CVE-2025-6374

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code