Cyber Resilience

CVE-2025-11423

HighPublic PoC

Published: 08 October 2025

Published
08 October 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0056 68.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11423 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-11423 is a memory corruption vulnerability (CWE-119) affecting Tenda CH22 firmware version 1.0.0.1. The issue resides in the formSafeEmailFilter function within the /goform/SafeEmailFilter endpoint, where manipulation of the "page" argument triggers the corruption. Published on 2025-10-08, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with no requirements for authentication or user interaction.

The vulnerability enables remote exploitation without privileges, allowing unauthenticated attackers to send crafted requests to the affected endpoint. Successful exploitation results in high-impact compromise of confidentiality, integrity, and availability, potentially leading to full device control via memory corruption. A public exploit is available, increasing the risk of widespread abuse against exposed Tenda CH22 devices.

Advisories and details are documented in references including a GitHub issue at https://github.com/f000x0/cve/issues/7 and VulDB entries at https://vuldb.com/?ctiid.327358, https://vuldb.com/?id.327358, and https://vuldb.com/?submit.666009, with the vendor site at https://www.tenda.com.cn/. No specific patch or mitigation details are outlined in the available information.

EU & UK References

Vulnerability details

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has…

more

been made public and could be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated buffer overflow in public-facing router web interface (/goform/SafeEmailFilter) enables remote exploitation for memory corruption, facilitating arbitrary code execution (T1190) or application crash/DoS (T1499.004).

CVEs Like This One

CVE-2025-12234Same product: Tenda Ch22
CVE-2025-13400Same product: Tenda Ch22
CVE-2025-12273Same product: Tenda Ch22
CVE-2025-14526Same product: Tenda Ch22
CVE-2025-13288Same product: Tenda Ch22
CVE-2025-12272Same product: Tenda Ch22
CVE-2025-12271Same product: Tenda Ch22
CVE-2025-11117Same product: Tenda Ch22
CVE-2025-12233Same product: Tenda Ch22
CVE-2025-11418Same product: Tenda Ch22

Affected Assets

tenda
ch22 firmware
1.0.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the memory corruption flaw in the Tenda CH22 firmware, directly eliminating the vulnerability.

prevent

Mandates validation of the 'page' argument in the /goform/SafeEmailFilter endpoint to block malformed inputs that trigger memory corruption.

prevent

Implements memory safeguards like ASLR and DEP to protect against exploitation of the memory corruption vulnerability even if inputs are malformed.

References