CVE-2025-15008
Published: 22 December 2025
Summary
CVE-2025-15008 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Wh450 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the stack-based buffer overflow vulnerability by requiring timely application of vendor firmware patches or updates for the affected Tenda WH450 router.
Prevents exploitation of the buffer overflow by enforcing validation of the 'page' argument in HTTP requests to the /goform/L7Port endpoint, restricting operations within memory bounds.
Mitigates stack-based buffer overflow exploits through memory protections such as stack canaries, ASLR, and DEP, limiting unauthorized code execution from the overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the unauthenticated, public-facing HTTP handler (/goform/L7Port) enables remote exploitation of a public-facing application.
NVD Description
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated…
more
remotely. The exploit is now public and may be used.
Deeper analysisAI
CVE-2025-2025-15008 is a stack-based buffer overflow vulnerability affecting the Tenda WH450 router on firmware version 1.0.0.18. The flaw exists in an unknown part of the /goform/L7Port file within the HTTP Request Handler component, where manipulation of the "page" argument triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rating it as high severity.
The vulnerability enables remote exploitation without authentication or user interaction. An attacker can send a crafted HTTP request to the affected endpoint, causing a stack-based buffer overflow that may lead to limited impacts on confidentiality, integrity, and availability, such as partial data disclosure, modification, or denial of service.
Advisories and references, including VulDB entries (vuldb.com/?ctiid.337714, vuldb.com/?id.337714) and a public proof-of-concept on GitHub (github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md), detail the issue and provide reproduction steps. The exploit is publicly available and may be used, as noted in the CVE description published on 2025-12-22. No specific patches or mitigations are mentioned in the available information.
Details
- CWE(s)