CVE-2025-11300
Published: 05 October 2025
Summary
CVE-2025-11300 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1015 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates the ateFunc argument in /goform/formWlanMP to prevent buffer overflow from improper input manipulation.
Implements memory protection mechanisms like stack canaries and non-executable memory to mitigate exploitation of the buffer overflow vulnerability.
Requires timely identification, reporting, and remediation of flaws like this buffer overflow to prevent exploitation via public proof-of-concept.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the remotely accessible web endpoint (/goform/formWlanMP) enables exploitation of a public-facing application for initial access, with public PoC available.
NVD Description
A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The…
more
exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-11300 is a buffer overflow vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in an unknown function within the /goform/formWlanMP file, triggered by manipulation of the ateFunc argument. This issue, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
The vulnerability enables remote exploitation by an attacker who has low privileges, such as those obtained through prior authentication to the device. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or denial of service on the affected router.
References, including GitHub repositories and VulDB entries, detail a publicly available proof-of-concept exploit but provide no information on vendor patches or mitigations. The vendor was notified early but has not responded, leaving affected devices without official remediation options. Security practitioners should isolate or replace vulnerable Belkin F9K1015 routers and monitor for exploitation attempts using the disclosed POC.
A public exploit has been released, increasing the risk of real-world attacks against unpatched devices. No evidence of active in-the-wild exploitation is noted in available sources.
Details
- CWE(s)