Cyber Resilience

CVE-2025-15218

HighPublic PoC

Published: 30 December 2025

Published
30 December 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0286 85.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-15218 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac10U Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-15218 is a buffer overflow vulnerability (CWE-119, CWE-120) in Tenda AC10U routers running firmware versions 15.03.06.48 and 15.03.06.49. The flaw affects the fromadvsetlanip function in the /goform/AdvSetLanip file, part of the POST Request Parameter Handler component. It is triggered by manipulating the lanMask argument in a POST request, leading to a buffer overflow. The vulnerability was published on 2025-12-30 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers with low privileges, such as authenticated users on the network. Low attack complexity and no user interaction are required, allowing exploitation over the network with unchanged scope. Successful attacks can result in high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or full system compromise.

Advisories and additional details are available via VulDB entries (https://vuldb.com/?ctiid.338603, https://vuldb.com/?id.338603, https://vuldb.com/?submit.725461) and the Tenda vendor site (https://www.tenda.com.cn/). A public exploit write-up is hosted at https://lavender-bicycle-a5a.notion.site/Tenda-AC10U-fromadvsetlanip-2d753a41781f800c86c8d388a38e8101. Security practitioners should consult these resources for any patches or mitigations.

The exploit has been made publicly available and could be used for attacks.

EU & UK References

Vulnerability details

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow.…

more

The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in router web management interface (/goform/AdvSetLanip) via authenticated POST request enables remote code execution, directly mapping to exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15215Same product: Tenda Ac10U
CVE-2026-8263Same product: Tenda Ac10U
CVE-2026-7033Same vendor: Tenda
CVE-2026-7019Same vendor: Tenda
CVE-2026-7081Same vendor: Tenda
CVE-2026-7057Same vendor: Tenda
CVE-2026-4565Same vendor: Tenda
CVE-2026-1420Same vendor: Tenda
CVE-2025-8180Same vendor: Tenda
CVE-2025-10815Same vendor: Tenda

Affected Assets

tenda
ac10u firmware
15.03.06.48, 15.03.06.49

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of the lanMask POST parameter to directly prevent buffer overflow from malicious input manipulation.

prevent

Mandates timely identification, reporting, and patching of the specific buffer overflow flaw in the router firmware.

prevent

Implements memory protections like DEP and stack canaries to block code execution from buffer overflow exploits.

References