CVE-2025-11525
Published: 09 October 2025
Summary
CVE-2025-11525 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac7 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by enforcing input validation on the upnpEn argument in the /goform/SetUpnpCfg function.
Mitigates exploitation of the stack buffer overflow through memory protections such as stack canaries and address space layout randomization.
Requires timely remediation of the identified buffer overflow flaw in Tenda AC7 firmware version 15.03.06.44 via patching or updates.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the web management interface (/goform/SetUpnpCfg) of the Tenda AC7 router is remotely exploitable, enabling exploitation of a public-facing application for potential remote code execution.
NVD Description
A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed…
more
to the public and may be used.
Deeper analysisAI
CVE-2025-11525 is a stack-based buffer overflow vulnerability affecting the Tenda AC7 router running firmware version 15.03.06.44. The flaw exists in an unknown function of the /goform/SetUpnpCfg file, where manipulation of the upnpEn argument triggers the overflow. Published on 2025-10-09, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges, such as an authenticated user with network access, can remotely exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service, potentially enabling full control over the affected router.
Advisories reference a public exploit disclosure on GitHub at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/SetUpnpCfg.md, along with VulDB entries (https://vuldb.com/?ctiid.327663, https://vuldb.com/?id.327663, https://vuldb.com/?submit.669853, https://vuldb.com/?submit.669860). No patches or specific mitigations are detailed in the available information, and the exploit may be actively used.
The vulnerability's public exploit disclosure heightens risks for unpatched Tenda AC7 devices, particularly in environments with exposed routers and weak authentication.
Details
- CWE(s)