Cyber Posture

CVE-2025-15006

Severity: Critical · Public PoC available

Published: 22 December 2025
Modified: 24 February 2026
KEV Added: not listed
Patch: none referenced
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-15006 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Wh450 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 40.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): enforcing bounds checking on the ipaddress argument in the HTTP request handler directly prevents the stack-based buffer overflow.

SI-16 Memory Protection (prevent): memory protection safeguards such as stack canaries, ASLR, and DEP prevent unauthorized code execution from the stack buffer overflow.

SI-2 Flaw Remediation (prevent): patching the specific buffer overflow in the Tenda WH450 firmware's /goform/CheckTools handler eliminates remote exploitability.
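As an added illustration of the input-validation control above (example code written for this page, not Tenda's firmware, whose source is not shown here), a hypothetical C handler that length- and format-checks an `ipaddress` parameter before it is ever copied into a fixed-size stack buffer. The function names, the 15-byte dotted-quad limit and the over-long sample input are all assumptions:

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define IPADDR_MAX 15 /* longest dotted quad: "255.255.255.255" */

/* Hypothetical validator (not Tenda code): accept only a well-formed
 * IPv4 dotted quad of at most IPADDR_MAX bytes. Length is gated first,
 * so an over-long value is rejected before any copy takes place. */
int validate_ipaddress(const char *s)
{
    size_t n = 0;
    int octets = 0;
    if (s == NULL) return 0;
    while (n <= IPADDR_MAX && s[n] != '\0') n++;
    if (n == 0 || n > IPADDR_MAX) return 0;
    for (const char *p = s; *p != '\0'; ) {
        int v = 0, digits = 0;
        while (isdigit((unsigned char)*p)) {
            if (++digits > 3) return 0;            /* at most 3 digits */
            v = v * 10 + (*p++ - '0');
        }
        if (digits == 0 || v > 255) return 0;      /* empty or >255 octet */
        octets++;
        if (*p == '.') { p++; if (*p == '\0') return 0; } /* trailing dot */
        else if (*p != '\0') return 0;             /* stray character */
    }
    return octets == 4;
}

/* Hypothetical request handler: the fixed-size stack buffer is written
 * only after validation, so its bound can no longer be exceeded.
 * Returns 0 on success, -1 when the parameter must be rejected. */
int check_tools_handler(const char *ipaddress, char *dst, size_t dstsz)
{
    char local[IPADDR_MAX + 1];
    if (!validate_ipaddress(ipaddress)) return -1;   /* 400 Bad Request */
    memcpy(local, ipaddress, strlen(ipaddress) + 1); /* at most 16 bytes */
    if (strlen(local) + 1 > dstsz) return -1;
    memcpy(dst, local, strlen(local) + 1);
    return 0;
}

/* Constructed over-long input of `len` digits: exercises the length gate. */
int reject_oversized(size_t len)
{
    char *big = malloc(len + 1);
    int r;
    if (big == NULL) return -1;
    memset(big, '9', len);
    big[len] = '\0';
    r = validate_ipaddress(big);
    free(big);
    return r;
}
```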

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why this technique? The unauthenticated stack-based buffer overflow in /goform/CheckTools via the ipaddress parameter enables remote exploitation of a public-facing web application on the Tenda WH450 router.

NVD Description

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Deeper analysis

CVE-2025-15006 is a stack-based buffer overflow vulnerability affecting the Tenda WH450 router on firmware version 1.0.0.18. The flaw exists in an unknown functionality of the /goform/CheckTools file within the HTTP Request Handler component, where manipulation of the ipaddress argument triggers the overflow.

The vulnerability enables remote exploitation with no privileges required, low attack complexity, and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

Advisories and references, including VulDB entries (ctiid.337712, id.337712) and GitHub proof-of-concept code, detail the issue but provide no specific mitigation or patch information. The public PoC demonstrates reproduction of the buffer overflow.

Notable context includes the exploit's public availability, which could facilitate attacks; the CVE was published on 2025-12-22T02:16:01.343.

Details

CWE(s): CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow)

Affected Products: tenda wh450 firmware 1.0.0.18

CVEs Like This One

CVE-2025-15008 · Same product: Tenda Wh450
CVE-2025-14878 · Same product: Tenda Wh450
CVE-2025-15007 · Same product: Tenda Wh450
CVE-2025-14665 · Same product: Tenda Wh450
CVE-2025-15010 · Same product: Tenda Wh450
CVE-2025-15047 · Same product: Tenda Wh450
CVE-2025-14879 · Same product: Tenda Wh450
CVE-2025-15048 · Same product: Tenda Wh450
CVE-2025-14992 · Same vendor: Tenda
CVE-2025-11527 · Same vendor: Tenda
