Cyber Resilience

CVE-2025-12234

HighPublic PoC

Published: 27 October 2025

Published
27 October 2025
Modified
27 October 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0027 50.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12234 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-12234 is a buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1. The flaw affects the fromSafeMacFilter function in the /goform/SafeMacFilter file, triggered by manipulation of the "page" argument.

The vulnerability is remotely exploitable over the network by attackers with low privileges, requiring low complexity and no user interaction. It carries a CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), enabling high impacts on confidentiality, integrity, and availability. Associated with CWE-119 and CWE-120, the exploit has been publicly disclosed and may be used.

VulDB advisories document the issue under ctiid.329904 and id.329904, with a related submission at submit.673718. A proof-of-concept is available in the GitHub repository QIU-DIE/CVE/issues/15. The vendor page at tenda.com.cn is referenced, but no specific patch or mitigation details are provided in the available sources.

The public disclosure of the exploit increases the risk of real-world attacks against affected Tenda CH22 devices.

EU & UK References

Vulnerability details

A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to…

more

the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated remote buffer overflow in the router's web interface (/goform/SafeMacFilter) enables exploitation of a public-facing application (T1190) for potential arbitrary code execution and denial-of-service through application crash or memory corruption (T1499.004).

CVEs Like This One

CVE-2025-12273Same product: Tenda Ch22
CVE-2025-13288Same product: Tenda Ch22
CVE-2025-14526Same product: Tenda Ch22
CVE-2025-13400Same product: Tenda Ch22
CVE-2025-12272Same product: Tenda Ch22
CVE-2025-12236Same product: Tenda Ch22
CVE-2025-11117Same product: Tenda Ch22
CVE-2025-12233Same product: Tenda Ch22
CVE-2025-12271Same product: Tenda Ch22
CVE-2025-11423Same product: Tenda Ch22

Affected Assets

tenda
ch22 firmware
1.0.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validating the 'page' argument in /goform/SafeMacFilter to ensure it conforms to expected format and length, directly preventing the buffer overflow exploitation.

prevent

Mandates timely flaw remediation by applying vendor patches or workarounds for the publicly disclosed buffer overflow in Tenda CH22 firmware version 1.0.0.1.

prevent

Enforces memory protections like address space randomization and non-executable memory to mitigate successful exploitation of the buffer overflow even if input validation fails.

References