CVE-2025-12274
Published: 27 October 2025
Summary
CVE-2025-12274 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely remediation of the known buffer overflow flaw in Tenda CH22 firmware via patches or updates.
Prevents exploitation by enforcing validation and bounds checking on the manipulable 'page' argument in the /goform/P2pListFilter endpoint.
Mitigates buffer overflow impacts through memory protection mechanisms like stack canaries, ASLR, and DEP, hindering arbitrary code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in web endpoint (/goform/P2pListFilter) enables remote exploitation of public-facing application for arbitrary code execution.
NVD Description
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The…
more
exploit has been disclosed publicly and may be used.
Deeper analysisAI
CVE-2025-12274 is a buffer overflow vulnerability affecting Tenda CH22 firmware version 1.0.0.1. The issue resides in the fromP2pListFilter function within the /goform/P2pListFilter file, where manipulation of the "page" argument triggers the overflow. Associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation allows high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) within the unchanged scope (S:U), potentially enabling arbitrary code execution or denial of service on the affected device.
Advisories and details are available via VulDB entries (ctiid.329946, id.329946, submit.674165) and a GitHub issue at QIU-DIE/CVE/issues/23, with the vendor site at tenda.com.cn listed as a reference. The exploit has been publicly disclosed and may be used, though no specific patch or mitigation steps are detailed in the available information.
Details
- CWE(s)