CVE-2025-14665
Published: 14 December 2025
Summary
CVE-2025-14665 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Wh450 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates the 'page' argument in HTTP requests to /goform/DhcpListClient, preventing stack-based buffer overflows from malformed or oversized inputs.
Provides runtime memory protections like stack canaries, DEP, and ASLR to block exploitation of the stack-based buffer overflow vulnerability.
Ensures timely flaw remediation through patching or mitigation of the buffer overflow in the Tenda WH450 firmware's HTTP request handler.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated stack-based buffer overflow in public-facing HTTP endpoint (/goform/DhcpListClient) on Tenda WH450 router enables remote code execution via exploitation of public-facing application.
NVD Description
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be…
more
executed remotely. The exploit has been released to the public and may be used for attacks.
Deeper analysisAI
CVE-2025-14665 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) in Tenda WH450 firmware version 1.0.0.18. The issue affects an unknown function in the /goform/DhcpListClient file within the HTTP Request Handler component, where manipulation of the "page" argument triggers the overflow. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-12-14.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories reference a publicly available proof-of-concept exploit on GitHub, including reproduction instructions, hosted at https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/DhcpListClient/DhcpListClient.md. Additional details are provided on VulDB (https://vuldb.com/?ctiid.336397, https://vuldb.com/?id.336397, https://vuldb.com/?submit.714400). No vendor patches are mentioned in the available references.
The exploit has been released to the public and may be used for attacks, increasing the risk of real-world exploitation against unpatched Tenda WH450 devices.
Details
- CWE(s)