CVE-2025-11527
Published: 09 October 2025
Summary
CVE-2025-11527 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac7 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly mitigates this CVE by identifying, prioritizing, and applying patches to the stack-based buffer overflow in the Tenda AC7 firmware.
Information input validation enforces bounds checking and sanitization on the Password argument in /goform/fast_setting_pppoe_set, preventing the buffer overflow.
Memory protection safeguards like stack canaries, ASLR, and non-executable stacks prevent successful exploitation of the stack-based buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The stack-based buffer overflow vulnerability in the Tenda AC7 router's web management interface (/goform/fast_setting_pppoe_set), exploitable remotely via crafted Password input, enables exploitation of public-facing applications.
NVD Description
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit…
more
has been publicly disclosed and may be utilized.
Deeper analysisAI
CVE-2025-11527 is a stack-based buffer overflow vulnerability affecting the Tenda AC7 router running firmware version 15.03.06.44. The issue resides in an unknown function of the /goform/fast_setting_pppoe_set file, where manipulation of the Password argument triggers the overflow.
The vulnerability enables remote exploitation by an attacker with low privileges (PR:L) who has network access (AV:N), requires low attack complexity (AC:L), and needs no user interaction (UI:N). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), earning a CVSS v3.1 base score of 8.8. It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
Advisories and references include a GitHub repository publicly disclosing the exploit at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/fast_setting_pppoe_set.md, along with VulDB entries at https://vuldb.com/?ctiid.327665, https://vuldb.com/?id.327665, and https://vuldb.com/?submit.669856. The Tenda vendor website is available at https://www.tenda.com.cn/ for further details on potential patches or mitigations.
The exploit has been publicly disclosed and may be utilized, increasing the risk of real-world attacks against affected devices.
Details
- CWE(s)