Cyber Posture

CVE-2025-22904

Critical · Public PoC

Published: 16 January 2025

Modified: 09 April 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0050 (66.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22904 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Edimax Re11S Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 33.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly prevents stack overflows by validating and sanitizing inputs like the pptpUserName parameter in the setWAN function.

prevent

Implements memory protections such as stack canaries or ASLR to block arbitrary code execution from stack-based buffer overflows.

prevent

Requires timely patching of the specific stack overflow flaw in RE11S v1.11 to eliminate the vulnerability.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A remote, unauthenticated stack buffer overflow in the public-facing WAN configuration function (setWAN) directly enables exploitation of a public-facing application for arbitrary code execution and device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

Deeper analysis · AI

CVE-2025-22904 is a stack-based buffer overflow vulnerability in RE11S version 1.11, triggered through the pptpUserName parameter in the setWAN function. This flaw, classified under CWE-120, affects the software component handling WAN configuration, likely within Edimax networking devices as indicated by associated references. The vulnerability carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to network accessibility and potential for severe impacts.

A remote attacker requires no privileges or user interaction to exploit this issue over the network with low complexity. Successful exploitation could allow arbitrary code execution, leading to high confidentiality, integrity, and availability impacts, such as full device compromise, data theft, or disruption of network services.

References include the RE11S vendor site (re11s.com), a GitHub proof-of-concept repository demonstrating the stack overflow (github.com/xyqer1/RE11S_1.11-setWAN-3-StackOverflow), and Edimax's global site (edimax.com). The available information gives no specific mitigation or patch details.

Details

CWE(s)

Affected Products

edimax · re11s firmware · 1.11

CVEs Like This One

CVE-2025-22916 · Same product: Edimax Re11S
CVE-2025-22907 · Same product: Edimax Re11S
CVE-2025-22913 · Same product: Edimax Re11S
CVE-2025-22906 · Same product: Edimax Re11S
CVE-2025-22905 · Same product: Edimax Re11S
CVE-2025-22912 · Same product: Edimax Re11S
CVE-2024-48420 · Same vendor: Edimax
CVE-2024-48416 · Same vendor: Edimax
CVE-2020-37125 · Same vendor: Edimax
CVE-2024-57482 · Shared CWE-120

References