Cyber Resilience

CVE-2025-15254

Severity: Medium · Public PoC

Published: 30 December 2025
Modified: 24 February 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0 score: 5.3 (Medium)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0326 (86.8th percentile)
Risk priority: 35 (floored blend · peak EPSS)

Summary

CVE-2025-15254 is a medium-severity command injection (CWE-77) vulnerability in Tenda W6-S firmware. Its CVSS v4.0 base score is 5.3 (Medium); under CVSS v3.1 it scores 6.3.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.2% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-15254 is an OS command injection vulnerability (CWE-77, CWE-78) in Tenda W6-S router firmware version 1.0.0.4(510), published on 2025-12-30. The issue resides in the TendaAte function behind the /goform/ate endpoint of the ATE Service component: request input reaches an OS command without adequate validation, so a crafted request executes arbitrary commands on the device.

The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L): exploitable over the network with low complexity and no user interaction, but requiring low privileges, meaning the attacker needs some level of access to the web interface. With that access an attacker can inject OS commands; the vector scores the resulting impact on confidentiality, integrity, and availability as low.
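The following is an added illustration, not code from Tenda, from this page, or from the referenced PoC. The real TendaAte handler is not reproduced on the page, so the parameter name (`iface`), the command it feeds (`ifconfig`) and the handler structure are assumptions chosen to show the CWE-78 pattern described above: a request parameter spliced into a shell command line. Beside it sits the hardening that the SI-10 (input validation) control in the Mitigating Controls section calls for, plus the second step a vendor fix should include, invoking the program without a shell.

```c
/* Added illustration of CWE-78 in a goform-style handler and one hardening
 * of it. Not Tenda's code: the parameter name "iface", the ifconfig command
 * and the handler layout are assumptions for the example. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define CMD_MAX   256
#define IFACE_MAX 15   /* IFNAMSIZ - 1 on Linux */

/* Vulnerable pattern (CWE-78): the request parameter is spliced into a
 * shell command line. Because the string later goes to /bin/sh, a value
 * such as "eth0;reboot" or "$(id)" runs attacker-chosen commands.
 * Returns the length of the command built, or -1 if it does not fit. */
int build_cmd_vulnerable(const char *iface, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ifconfig %s", iface);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* The sink: hands the assembled line to "sh -c", exactly what makes the
 * metacharacters above meaningful. Shown for completeness; not exercised
 * by the test. */
int run_vulnerable(const char *iface)
{
    char cmd[CMD_MAX];
    if (build_cmd_vulnerable(iface, cmd, sizeof cmd) < 0)
        return -1;
    return system(cmd);
}

/* Hardening step 1 (SI-10): allow-list the parameter. An interface name is
 * short and drawn from [A-Za-z0-9_.-]; anything else is rejected before it
 * reaches any command. Returns 1 if valid, 0 otherwise. */
int iface_is_valid(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > IFACE_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '_' || c == '.' || c == '-'))
            return 0;
    }
    /* A leading '-' would be parsed by ifconfig as an option. */
    return s[0] != '-';
}

/* Hardening step 2: never go through the shell. The parameter becomes its
 * own argv element, so ';', '`' and '$(' carry no meaning even if the
 * allow-list is loosened later. Returns the child's exit status, or -1 if
 * the input is rejected or the process cannot be started. */
int run_hardened(const char *iface)
{
    if (!iface_is_valid(iface))
        return -1;
    char *const argv[] = { "/sbin/ifconfig", (char *)iface, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);   /* absolute path: no PATH lookup, no shell */
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *payload = "eth0;id>/tmp/pwned";   /* constructed attacker value */
    char cmd[CMD_MAX];
    build_cmd_vulnerable(payload, cmd, sizeof cmd);
    printf("vulnerable handler would run: sh -c '%s'\n", cmd);
    printf("allow-list accepts \"eth0\": %d, accepts payload: %d\n",
           iface_is_valid("eth0"), iface_is_valid(payload));
    printf("hardened handler result for payload: %d (rejected)\n",
           run_hardened(payload));
    return 0;
}
```

The two hardening steps are deliberately independent: the allow-list stops the payload at the boundary, and execv without a shell means that even a value which slips past a future, looser validator cannot chain a second command. Escaping metacharacters before calling system() is not an equivalent fix; the shell's quoting rules are easy to get wrong and that approach leaves the sink in place.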

Advisories and related resources, including the VulDB entries (ctiid.338644, id.338644, submit.725499) and a GitHub write-up of the exploit at github.com/dwBruijn/CVEs/blob/main/Tenda/ate.md, provide further technical details. The vendor site, tenda.com.cn, may offer patch information; the CVE description does not reference a fixed firmware version.

The exploit has been made public and could be used, which raises the risk for unpatched Tenda W6-S devices, above all those whose management interface is reachable from the internet.

Vulnerability details

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CWE(s): CWE-77 (Command Injection), CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Why these techniques?

The CVE is exploited through a public-facing web application (the router's management interface) via command injection, which directly yields arbitrary OS command execution on the network device, the abuse T1059.008 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
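The T1190 to T1059.008 chain above leaves a trace in any HTTP access log in front of the device, so a first detection is a scan for requests to /goform/ate whose request target carries shell metacharacters after percent-decoding. The block below is an added example, not code from the page, from Tenda, or from any vendor tool; the Common Log Format lines are constructed for it, and the query parameter name `cmd` is an assumption, since the page does not name the injected parameter (the check therefore keys on the path and the metacharacters, not on the parameter name).

```c
/* Added detection example; not code from the page, from Tenda, or from the
 * referenced PoC. Scans CLF access-log lines for requests to /goform/ate
 * whose percent-decoded target contains shell metacharacters. The log
 * lines are constructed; the parameter name "cmd" is an assumption. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Characters that separate or substitute commands in /bin/sh. */
#define SHELL_METACHARS ";|&`$\n\r"

static const char *const SAMPLE_LOG[] = {
    "192.0.2.10 - - [30/Dec/2025:10:00:01 +0000] \"GET /goform/ate?cmd=eth0 HTTP/1.1\" 200 12",
    "192.0.2.10 - - [30/Dec/2025:10:00:02 +0000] \"POST /goform/ate HTTP/1.1\" 200 12",
    "198.51.100.7 - - [30/Dec/2025:10:01:13 +0000] \"GET /goform/ate?cmd=eth0%3Bid%20%3E%20/tmp/x HTTP/1.1\" 200 12",
    "198.51.100.7 - - [30/Dec/2025:10:01:14 +0000] \"GET /goform/ate?cmd=%24%28id%29 HTTP/1.1\" 200 12",
    "203.0.113.5 - - [30/Dec/2025:10:02:00 +0000] \"GET /index.htm?q=a%3Bb HTTP/1.1\" 200 12",
};
#define SAMPLE_LOG_LEN ((int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]))

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decodes in[0..inlen) into out (NUL-terminated, at most outlen-1
 * bytes), turning '+' into a space. Returns the decoded length. Decoding
 * matters because PoCs routinely send ';' as %3B and '$(' as %24%28. */
size_t url_decode(const char *in, size_t inlen, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; i < inlen && o + 1 < outlen; i++) {
        if (in[i] == '%' && i + 2 < inlen) {
            int h = hexval((unsigned char)in[i + 1]);
            int l = hexval((unsigned char)in[i + 2]);
            if (h >= 0 && l >= 0) {
                out[o++] = (char)(h * 16 + l);
                i += 2;
                continue;
            }
        }
        out[o++] = (in[i] == '+') ? ' ' : in[i];
    }
    out[o] = '\0';
    return o;
}

/* Returns 1 if the request target on a CLF line is /goform/ate (optionally
 * with a query string) and the decoded target contains a shell
 * metacharacter; 0 otherwise or if the line cannot be parsed. */
int is_suspicious_ate_request(const char *logline)
{
    static const char path[] = "/goform/ate";
    const size_t plen = sizeof path - 1;

    const char *q1 = strchr(logline, '"');          /* start of "METHOD target HTTP/x" */
    if (!q1) return 0;
    const char *sp = strchr(q1 + 1, ' ');            /* space after the method */
    if (!sp) return 0;
    const char *target = sp + 1;
    const char *end = strpbrk(target, " \"");        /* before HTTP/x.y or closing quote */
    if (!end) return 0;
    size_t tlen = (size_t)(end - target);

    if (tlen < plen || strncmp(target, path, plen) != 0) return 0;
    if (tlen > plen && target[plen] != '?') return 0; /* not /goform/atefoo */

    char decoded[1024];
    url_decode(target, tlen, decoded, sizeof decoded);
    return strpbrk(decoded, SHELL_METACHARS) != NULL;
}

/* Counts flagged lines across a log excerpt. */
int count_suspicious(const char *const *lines, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (is_suspicious_ate_request(lines[i])) hits++;
    return hits;
}

int main(void)
{
    for (int i = 0; i < SAMPLE_LOG_LEN; i++)
        if (is_suspicious_ate_request(SAMPLE_LOG[i]))
            printf("ALERT /goform/ate command-injection attempt: %s\n", SAMPLE_LOG[i]);
    printf("%d of %d lines flagged\n",
           count_suspicious(SAMPLE_LOG, SAMPLE_LOG_LEN), SAMPLE_LOG_LEN);
    return 0;
}
```

Two caveats for anyone deploying this. A Common Log Format line records only the request target, so a payload delivered in a POST body (the second sample line) is invisible here and needs a reverse proxy or WAF that logs bodies. And the rule is a hunting heuristic rather than a signature: a benign request to /goform/ate with an ampersand-separated query would also match, so triage on the decoded target before escalating.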

CVEs Like This One

CVE-2025-15255 (same product: Tenda W6-S)
CVE-2025-1819 (same vendor: Tenda)
CVE-2025-28220 (same product: Tenda W6-S)
CVE-2025-28221 (same product: Tenda W6-S)
CVE-2025-10442 (same vendor: Tenda)
CVE-2026-38835 (same vendor: Tenda)
CVE-2026-31255 (same vendor: Tenda)
CVE-2025-25632 (same vendor: Tenda)
CVE-2026-8265 (same vendor: Tenda)
CVE-2026-5547 (same vendor: Tenda)

Affected Assets

Vendor: tenda
Product: w6-s firmware
Version: 1.0.0.4(510)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly prevents OS command injection by requiring validation and sanitization of request input before it reaches the TendaAte function behind /goform/ate.

SI-2 Flaw Remediation (prevent)
Mandates timely flaw remediation through firmware patching to eliminate the command injection vulnerability in Tenda W6-S 1.0.0.4(510).

AC-6 Least Privilege (prevent)
Enforces least privilege to limit the scope and impact of arbitrary OS commands executed through the low-privilege remote exploitation path. On consumer router firmware the operator usually cannot change the privileges of the web service, so this control is largely in the vendor's hands; what the operator can do is restrict who can reach the management interface.
