CVE-2025-11295
Published: 05 October 2025
Summary
CVE-2025-11295 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1015 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the pppUserName argument in the /goform/formPPPoESetup CGI endpoint to prevent buffer overflow from improper input handling.
Implements memory protections such as DEP and ASLR to mitigate arbitrary code execution resulting from successful buffer overflow exploitation.
Mandates monitoring for and timely remediation of flaws like this buffer overflow via firmware updates or replacements when vendor patches become available.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow vulnerability in the public-facing web interface (/goform/formPPPoESetup) via pppUserName parameter enables remote exploitation for initial access.
NVD Description
A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and…
more
may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-11295 is a buffer overflow vulnerability in the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in the /goform/formPPPoESetup CGI endpoint, where manipulation of the pppUserName argument triggers the overflow. This issue corresponds to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
Attackers with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution on the device.
No patches or mitigations are available, as the vendor was contacted early about the disclosure but did not respond. A proof-of-concept exploit has been published on GitHub, increasing the risk of active exploitation.
The published exploit may already be in use by attackers targeting exposed Belkin F9K1015 devices.
Details
- CWE(s)