Cyber Resilience

CVE-2025-12209

HighPublic PoC

Published: 27 October 2025

Published
27 October 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0027 50.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12209 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda O3 Firmware1.0.0.10\(2478\). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-12209 is a stack-based buffer overflow vulnerability affecting the Tenda O3 router on firmware version 1.0.0.10(2478). The flaw resides in the SetValue and GetValue functions within the /goform/setDhcpConfig file, where manipulation of the dhcpEn argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by an authenticated attacker possessing low privileges. No user interaction is required, and the low attack complexity allows for straightforward exploitation, potentially granting high impacts on confidentiality, integrity, and availability. This could result in arbitrary code execution on the affected device.

Advisories and references, including a GitHub repository at https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/setDhcpConfig.md detailing the exploit, VulDB entries at https://vuldb.com/?ctiid.329879, https://vuldb.com/?id.329879, and https://vuldb.com/?submit.673263, and the vendor site at https://www.tenda.com.cn/, confirm the issue. No specific patches or mitigations are detailed in the provided references.

The exploit has been publicly disclosed and may be utilized, increasing the risk for unpatched Tenda O3 devices exposed to the network.

EU & UK References

Vulnerability details

A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has…

more

been publicly disclosed and may be utilized.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the remote web management interface (/goform/setDhcpConfig) of Tenda O3 router enables remote exploitation of a public-facing application for initial access.

CVEs Like This One

CVE-2025-12212Same product: Tenda O3
CVE-2025-12211Same product: Tenda O3
CVE-2025-12210Same product: Tenda O3
CVE-2025-12213Same product: Tenda O3
CVE-2025-12214Same product: Tenda O3
CVE-2025-7417Same product: Tenda O3
CVE-2025-7418Same product: Tenda O3
CVE-2025-7422Same product: Tenda O3
CVE-2025-7419Same product: Tenda O3
CVE-2025-7423Same product: Tenda O3

Affected Assets

tenda
o3 firmware1.0.0.10\(2478\)
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of the dhcpEn argument in /goform/setDhcpConfig to prevent stack-based buffer overflows from improper input handling.

prevent

Implements memory protection mechanisms such as stack canaries, ASLR, or DEP to mitigate exploitation of the stack-based buffer overflow.

prevent

Mandates timely flaw remediation through firmware updates to patch the buffer overflow vulnerability in Tenda O3 version 1.0.0.10(2478).

References