Cyber Resilience

CVE-2025-15006

HighPublic PoC

Published: 22 December 2025

Published
22 December 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0083 52.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15006 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Wh450 Firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-15006 is a stack-based buffer overflow vulnerability affecting the Tenda WH450 router on firmware version 1.0.0.18. The flaw exists in an unknown functionality of the /goform/CheckTools file within the HTTP Request Handler component, where manipulation of the ipaddress argument triggers the overflow.

The vulnerability enables remote exploitation with no privileges required, low attack complexity, and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

Advisories and references, including VulDB entries (ctiid.337712, id.337712) and GitHub proof-of-concept code, detail the issue but provide no specific mitigation or patch information. The public PoC demonstrates reproduction of the buffer overflow.

Notable context includes the exploit's public availability, which could facilitate attacks, with the CVE published on 2025-12-22T02:16:01.343.

EU & UK References

Vulnerability details

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can…

more

be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated stack-based buffer overflow in /goform/CheckTools via ipaddress parameter enables remote exploitation of a public-facing web application on the Tenda WH450 router.

CVEs Like This One

CVE-2025-15007Same product: Tenda Wh450
CVE-2025-14665Same product: Tenda Wh450
CVE-2025-15010Same product: Tenda Wh450
CVE-2025-15008Same product: Tenda Wh450
CVE-2025-14878Same product: Tenda Wh450
CVE-2025-15044Same product: Tenda Wh450
CVE-2025-15047Same product: Tenda Wh450
CVE-2025-14879Same product: Tenda Wh450
CVE-2025-15046Same product: Tenda Wh450
CVE-2025-15045Same product: Tenda Wh450

Affected Assets

tenda
wh450 firmware
1.0.0.18

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Information input validation directly prevents the stack-based buffer overflow by enforcing bounds checking on the manipulated ipaddress argument in the HTTP request handler.

prevent

Memory protection safeguards such as stack canaries, ASLR, and DEP prevent unauthorized code execution from the stack buffer overflow vulnerability.

prevent

Flaw remediation requires patching the specific buffer overflow in the Tenda WH450 firmware's /goform/CheckTools to eliminate remote exploitability.

References