CVE-2025-10443
Published: 15 September 2025
Summary
CVE-2025-10443 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac9 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the cmdinput argument in /goform/exeCommand to prevent buffer overflow exploitation.
Mandates timely remediation of the identified buffer overflow flaw through firmware patching for affected Tenda AC9/AC15 routers.
Implements memory protections such as stack guards and address space randomization to mitigate successful buffer overflow exploits.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web form (/goform/exeCommand) directly enables remote code execution via crafted cmdinput, mapping to exploitation of public-facing application and Unix shell command execution on the embedded device.
NVD Description
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly…
more
available and might be used.
Deeper analysisAI
CVE-2025-10443 is a buffer overflow vulnerability in Tenda AC9 and AC15 routers running firmware versions 15.03.05.14 and 15.03.05.18. The flaw affects the formexeCommand function in the /goform/exeCommand file, where manipulation of the cmdinput argument triggers the overflow. Published on 2025-09-15, it is associated with CWEs-119 and CWE-120.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity. Attackers with network access and low privileges, such as authenticated users, can exploit it remotely without user interaction or high complexity. Successful exploitation enables high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service.
Advisories referenced on VulDB and GitHub detail the vulnerability, including a publicly available proof-of-concept exploit. No specific patches or mitigation steps are outlined in the provided information.
Details
- CWE(s)