Cyber Resilience

CVE-2025-15255

High · Public PoC

Published: 30 December 2025

Modified: 24 February 2026
KEV Added:
Patch:
CVSS Score v4: 8.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0392 (89.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-15255 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda W6-S Firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 11.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-15255 is a stack-based buffer overflow vulnerability affecting the Tenda W6-S router in version 1.0.0.4(510). The flaw resides in an unknown function of the /bin/httpd binary, specifically within the R7websSsecurityHandler component. It stems from improper handling of the Cookie argument, as classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

The vulnerability enables remote exploitation over the network with low complexity, requiring no privileges, authentication, or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8). An attacker can manipulate the Cookie argument to trigger the overflow, potentially achieving arbitrary code execution and full compromise of the affected device, including high impacts to confidentiality, integrity, and availability.

Advisories from VulDB (ctiid.338645, id.338645, submit.725500) and a GitHub repository (dwBruijn/CVEs/blob/main/Tenda/R7WebsSecurityHandler.md) provide further details on the issue. The Tenda vendor website (tenda.com.cn) is referenced for potential updates, though no specific patches are detailed in the disclosure.

The exploit has been publicly disclosed and may be utilized, increasing the risk for unpatched Tenda W6-S devices exposed to the internet.

EU & UK References

Vulnerability details

A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The flaw is a stack-based buffer overflow in the public-facing httpd web server of the Tenda W6-S router. It is exploitable remotely via a manipulated Cookie header without authentication or privileges, and it directly enables arbitrary code execution through exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15254 · Same product: Tenda W6-S
CVE-2025-12210 · Same vendor: Tenda
CVE-2026-6136 · Same vendor: Tenda
CVE-2025-7422 · Same vendor: Tenda
CVE-2025-15010 · Same vendor: Tenda
CVE-2025-9297 · Same vendor: Tenda
CVE-2025-11526 · Same vendor: Tenda
CVE-2025-7807 · Same vendor: Tenda
CVE-2025-7434 · Same vendor: Tenda
CVE-2025-7796 · Same vendor: Tenda

Affected Assets

tenda
w6-s firmware
1.0.0.4(510)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Flaw remediation requires applying vendor patches or updates to fix the stack-based buffer overflow in the httpd R7websSsecurityHandler component.

prevent: Information input validation enforces proper bounds checking on the Cookie argument to prevent the buffer overflow exploitation.

prevent: Memory protection mechanisms like stack canaries, ASLR, and DEP mitigate successful exploitation of the stack-based buffer overflow.

References