CVE-2025-11296
Published: 05 October 2025
Summary
CVE-2025-11296 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1015 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements input validation mechanisms to restrict the pptpUserName argument and prevent buffer overflow exploitation in /goform/formPPTPSetup.
Deploys memory protections like non-executable memory or ASLR to mitigate arbitrary code execution from the buffer overflow vulnerability.
Establishes processes for timely flaw remediation, including patching the buffer overflow in Belkin F9K1015 firmware version 1.00.10.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow vulnerability in the Belkin F9K1015 router's web interface (/goform/formPPTPSetup) via remote manipulation of pptpUserName enables exploitation of a public-facing application for initial access.
NVD Description
A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to…
more
the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-11296 is a buffer overflow vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in unknown code within the /goform/formPPTPSetup file, where manipulation of the pptpUserName argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution, granting high levels of confidentiality, integrity, and availability impact, potentially leading to full router compromise, such as unauthorized access, data theft, or further network pivoting.
Advisories from VulDB and a public GitHub repository detail the issue, including a proof-of-concept exploit. The vendor was contacted early regarding disclosure but provided no response, and no patches or mitigations are mentioned. The exploit has been publicly disclosed and may be actively used.
In notable context, the vulnerability was published on 2025-10-05, with immediate public availability of exploit code, increasing the risk of real-world attacks against unpatched Belkin F9K1015 devices.
Details
- CWE(s)