CVE-2025-12225
Published: 27 October 2025
Summary
CVE-2025-12225 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac6 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of information inputs such as the shareSpeed argument to prevent stack-based buffer overflows from malformed HTTP requests.
SI-16 implements memory protections like stack canaries and ASLR to mitigate exploitation of stack-based buffer overflows in the HTTP Request Handler.
SI-2 mandates timely flaw remediation through firmware updates to address the specific buffer overflow vulnerability in Tenda AC6 firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's HTTP handler (/goform/WifiGuestSet) enables remote code execution via exploitation of a public-facing web application.
NVD Description
A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be…
more
launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-12225 is a stack-based buffer overflow vulnerability affecting Tenda AC6 routers on firmware version 15.03.06.50. The flaw exists in an unknown processing function of the /goform/WifiGuestSet file within the HTTP Request Handler component, triggered by manipulation of the shareSpeed argument. Published on 2025-10-27 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability enables remote exploitation by attackers possessing low privileges, requiring only network access, low complexity, and no user interaction. Successful attacks can result in high confidentiality, integrity, and availability impacts, potentially leading to arbitrary code execution on the affected device.
Advisories from VulDB detail the issue and reference a publicly disclosed proof-of-concept exploit on GitHub targeting the WifiGuestSet buffer overflow. The Tenda vendor website provides general support resources, but no specific patch details are outlined in the available references; practitioners should monitor for firmware updates and restrict access to the affected endpoint where possible.
The exploit PoC has been made public, increasing the risk of active exploitation against unpatched Tenda AC6 devices.
Details
- CWE(s)