Cyber Resilience

CVE-2025-12225

High · Public PoC

Published: 27 October 2025

Modified: 28 October 2025
KEV Added
Patch
CVSS Score v4: 7.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0027 (50.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12225 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda AC6 firmware. Its CVSS v4 base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-12225 is a stack-based buffer overflow vulnerability affecting Tenda AC6 routers on firmware version 15.03.06.50. The flaw exists in an unknown processing function of the /goform/WifiGuestSet file within the HTTP Request Handler component, triggered by manipulation of the shareSpeed argument. Published on 2025-10-27 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

The vulnerability enables remote exploitation by attackers possessing low privileges, requiring only network access, low complexity, and no user interaction. Successful attacks can result in high confidentiality, integrity, and availability impacts, potentially leading to arbitrary code execution on the affected device.

Advisories from VulDB detail the issue and reference a publicly disclosed proof-of-concept exploit on GitHub targeting the WifiGuestSet buffer overflow. The Tenda vendor website provides general support resources, but no specific patch details are outlined in the available references; practitioners should monitor for firmware updates and restrict access to the affected endpoint where possible.

The exploit PoC has been made public, increasing the risk of active exploitation against unpatched Tenda AC6 devices.

Vulnerability details

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the router's HTTP handler (/goform/WifiGuestSet) enables remote code execution via exploitation of a public-facing web application.

CVEs Like This One

CVE-2026-4961 (same product: Tenda Ac6)
CVE-2025-0349 (same product: Tenda Ac6)
CVE-2025-1814 (same product: Tenda Ac6)
CVE-2026-4960 (same product: Tenda Ac6)
CVE-2025-32010 (same product: Tenda Ac6)
CVE-2025-7914 (same product: Tenda Ac6)
CVE-2025-29121 (same product: Tenda Ac6)
CVE-2025-29031 (same product: Tenda Ac6)
CVE-2024-46450 (same product: Tenda Ac6)
CVE-2025-27129 (same product: Tenda Ac6)

Affected Assets

Vendor: tenda
Product: ac6 firmware
Version: 15.03.06.50

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-10 requires validation of information inputs such as the shareSpeed argument to prevent stack-based buffer overflows from malformed HTTP requests.

Prevent: SI-16 implements memory protections like stack canaries and ASLR to mitigate exploitation of stack-based buffer overflows in the HTTP Request Handler.

Prevent: SI-2 mandates timely flaw remediation through firmware updates to address the specific buffer overflow vulnerability in Tenda AC6 firmware.
