CVE-2025-11423

CriticalPublic PoC

Published: 08 October 2025

Published

08 October 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0058 69.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11423 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of the memory corruption flaw in the Tenda CH22 firmware, directly eliminating the vulnerability.

SI-10 Information Input Validation good match

prevent

Mandates validation of the 'page' argument in the /goform/SafeEmailFilter endpoint to block malformed inputs that trigger memory corruption.

SI-16 Memory Protection good match

prevent

Implements memory safeguards like ASLR and DEP to protect against exploitation of the memory corruption vulnerability even if inputs are malformed.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Unauthenticated buffer overflow in public-facing router web interface (/goform/SafeEmailFilter) enables remote exploitation for memory corruption, facilitating arbitrary code execution (T1190) or application crash/DoS (T1499.004).

NVD Description

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has…

been made public and could be used.

Deeper analysisAI

CVE-2025-11423 is a memory corruption vulnerability (CWE-119) affecting Tenda CH22 firmware version 1.0.0.1. The issue resides in the formSafeEmailFilter function within the /goform/SafeEmailFilter endpoint, where manipulation of the "page" argument triggers the corruption. Published on 2025-10-08, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with no requirements for authentication or user interaction.

The vulnerability enables remote exploitation without privileges, allowing unauthenticated attackers to send crafted requests to the affected endpoint. Successful exploitation results in high-impact compromise of confidentiality, integrity, and availability, potentially leading to full device control via memory corruption. A public exploit is available, increasing the risk of widespread abuse against exposed Tenda CH22 devices.

Advisories and details are documented in references including a GitHub issue at https://github.com/f000x0/cve/issues/7 and VulDB entries at https://vuldb.com/?ctiid.327358, https://vuldb.com/?id.327358, and https://vuldb.com/?submit.666009, with the vendor site at https://www.tenda.com.cn/. No specific patch or mitigation details are outlined in the available information.

Details

CWE(s): CWE-119

Affected Products

tenda

ch22 firmware

1.0.0.1

CVEs Like This One

CVE-2025-13288Same product: Tenda Ch22

CVE-2025-12234Same product: Tenda Ch22

CVE-2025-12272Same product: Tenda Ch22

CVE-2025-13400Same product: Tenda Ch22

CVE-2025-12273Same product: Tenda Ch22

CVE-2025-11418Same product: Tenda Ch22

CVE-2025-12271Same product: Tenda Ch22

CVE-2025-11117Same product: Tenda Ch22

CVE-2025-12233Same product: Tenda Ch22

CVE-2025-12236Same product: Tenda Ch22

References

https://github.com/f000x0/cve/issues/7
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.327358
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.327358
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.666009
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com