CVE-2025-1853
Published: 03 March 2025
Summary
CVE-2025-1853 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda AC8 firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 25.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-1853 is a stack-based buffer overflow vulnerability in Tenda AC8 firmware version 16.03.34.06. It resides in the sub_49E098 function of the /goform/SetIpMacBind endpoint within the Parameter Handler component and is triggered by improper handling of the list argument, resulting in memory corruption classified under CWE-119, CWE-121, and CWE-787.
The flaw can be exploited remotely by an authenticated attacker who supplies a crafted list value, leading to high impact on confidentiality, integrity, and availability without requiring user interaction. Publicly disclosed proof-of-concept material demonstrates that successful exploitation may allow arbitrary code execution or device compromise.
Reference entries on VulDB and a GitHub repository detail the vulnerability and include exploit code, while the vendor site provides no specific patch or mitigation guidance in the available records. The associated EPSS score rose from a baseline of 0.0080 to a peak of 0.0136, indicating modest but measurable post-disclosure interest in the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5817
Vulnerability details
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Stack-based buffer overflow in public-facing web form handler (/goform/SetIpMacBind) on network device enables remote exploitation for RCE/impact.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
- Validates all inputs to the Parameter Handler's sub_49E098 function, preventing stack buffer overflows from a manipulated list argument.
- Implements stack canaries, ASLR, and DEP to mitigate exploitation of the stack-based buffer overflow even if input validation fails.
- Requires timely remediation of the identified buffer overflow flaw in Tenda AC8 firmware version 16.03.34.06 via patching or upgrades.