Cyber Resilience

CVE-2025-1899

HighPublic PoC

Published: 04 March 2025

Published
04 March 2025
Modified
05 March 2025
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0035 57.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1899 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Tx3 Firmware. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 42.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-1899 is a critical buffer overflow vulnerability in Tenda TX3 firmware version 16.03.13.11_multi. The flaw affects an unknown functionality within the /goform/setPptpUserList file, where manipulation of the argument list triggers the overflow. It is associated with CWE-119 and CWE-120.

The vulnerability enables remote exploitation by low-privileged users over the network. Per its CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), attacks require network access, low complexity, and low privileges with no user interaction, leading to high availability impact such as denial of service.

Advisories are documented on VulDB at ctiid.298417, id.298417, and submit.506607, with a proof-of-concept exploit publicly disclosed in a GitHub PDF at https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_5.pdf. The vendor site is at https://www.tenda.com.cn/.

The exploit has been disclosed to the public and may be used against vulnerable devices.

EU & UK References

Vulnerability details

A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched…

more

remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in public-facing web form (/goform/setPptpUserList) enables remote low-privileged exploitation causing denial of service via application crash, directly mapping to T1499.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1898Same product: Tenda Tx3
CVE-2025-1897Same product: Tenda Tx3
CVE-2025-1895Same product: Tenda Tx3
CVE-2025-1896Same product: Tenda Tx3
CVE-2025-8958Same product: Tenda Tx3
CVE-2026-2137Same product: Tenda Tx3
CVE-2025-12234Same vendor: Tenda
CVE-2025-12273Same vendor: Tenda
CVE-2025-10803Same vendor: Tenda
CVE-2025-13288Same vendor: Tenda

Affected Assets

tenda
tx3 firmware
16.03.13.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents buffer overflow by validating and sanitizing the manipulated argument list in /goform/setPptpUserList.

prevent

Implements memory protection mechanisms such as stack guards and address space randomization to mitigate exploitation of the buffer overflow.

prevent

Requires timely identification, reporting, and patching of flaws like this buffer overflow in Tenda TX3 firmware.

References