Cyber Resilience

CVE-2025-12265

HighPublic PoC

Published: 27 October 2025

Published
27 October 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 31.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12265 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-12265 is a buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1. The flaw affects the fromVirtualSer function in the /goform/VirtualSer file, where manipulation of the page argument triggers the overflow. Published on 2025-10-27, it is associated with CWE-119 and CWE-120.

The vulnerability enables remote exploitation requiring low privileges (PR:L), network access (AV:N), low attack complexity (AC:L), and no user interaction (UI:N). With a CVSS v3.1 base score of 8.8 (S:U/C:H/I:H/A:H), attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution.

Advisories reference VulDB entries (ctiid.329936, id.329936, submit.674012) and a GitHub issue at QIU-DIE/CVE/issues/18, where the exploit has been publicly disclosed and could be used for attacks. The Tenda vendor site is listed at www.tenda.com.cn.

The exploit availability heightens the risk for exposed Tenda CH22 devices.

EU & UK References

Vulnerability details

A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has…

more

been made available to the public and could be used for attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow vulnerability in the unauthenticated web management interface (/goform/VirtualSer) of the Tenda CH22 router enables remote exploitation for arbitrary code execution or denial of service, directly facilitating exploitation of a public-facing application.

CVEs Like This One

CVE-2025-12232Same product: Tenda Ch22
CVE-2025-9443Same product: Tenda Ch22
CVE-2025-9812Same product: Tenda Ch22
CVE-2025-9007Same product: Tenda Ch22
CVE-2025-8180Same product: Tenda Ch22
CVE-2025-12274Same product: Tenda Ch22
CVE-2025-9813Same product: Tenda Ch22
CVE-2025-9006Same product: Tenda Ch22
CVE-2025-12234Same product: Tenda Ch22
CVE-2025-12273Same product: Tenda Ch22

Affected Assets

tenda
ch22 firmware
1.0.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the buffer overflow in Tenda CH22 firmware by requiring timely remediation through vendor patches for the vulnerable fromVirtualSer function.

prevent

Prevents exploitation of the buffer overflow by enforcing validation of the 'page' argument in the /goform/VirtualSer endpoint to avoid buffer overruns.

prevent

Mitigates arbitrary code execution from the buffer overflow via memory protection mechanisms such as address space randomization and non-executable memory.

References