Cyber Resilience

CVE-2025-10838

HighPublic PoC

Published: 23 September 2025

Published
23 September 2025
Modified
03 October 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0046 64.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10838 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac21 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-10838 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting Tenda AC21 router firmware version 16.03.08.16. The flaw exists in the sub_45BB10 function within the /goform/WifiExtraSet CGI script, where manipulation of the wpapsk_crypto argument triggers the overflow. Published on 2025-09-23, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), marking it as high severity.

Remote attackers with low privileges, such as authenticated users, can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data (C:H), modification of system integrity (I:H), and denial of service or code execution (A:H), potentially resulting in full router compromise. A proof-of-concept exploit is publicly available.

Advisories referenced on VulDB (ctiid.325200, id.325200, submit.657126) and a GitHub repository detail the vulnerability, including a POC demonstrating the buffer overflow. No specific patches or mitigation steps are outlined in the provided disclosures.

EU & UK References

Vulnerability details

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is…

more

publicly available and might be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the public-facing web management interface (/goform/WifiExtraSet) of Tenda AC21 router enables remote exploitation for initial access.

CVEs Like This One

CVE-2026-4565Same product: Tenda Ac21
CVE-2025-11091Same product: Tenda Ac21
CVE-2025-12611Same product: Tenda Ac21
CVE-2025-13446Same product: Tenda Ac21
CVE-2026-1637Same product: Tenda Ac21
CVE-2026-2148Same product: Tenda Ac21
CVE-2025-13445Same product: Tenda Ac21
CVE-2026-1638Same product: Tenda Ac21
CVE-2025-11356Same vendor: Tenda
CVE-2026-2202Same vendor: Tenda

Affected Assets

tenda
ac21 firmware
≤ 16.03.08.16

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 enforces validation of the wpapsk_crypto argument in the /goform/WifiExtraSet CGI script to prevent buffer overflow from malformed inputs.

prevent

SI-2 requires identification, reporting, and correction of the buffer overflow flaw in Tenda AC21 firmware version 16.03.08.16.

prevent

SI-16 implements memory protections such as address space layout randomization and stack guards to mitigate exploitation of the buffer overflow vulnerability.

References