CVE-2025-29031
Published: 14 March 2025
Summary
CVE-2025-29031 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda Ac6 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-29031 is a buffer overflow vulnerability (CWE-787) affecting Tenda AC6 router firmware version v15.03.05.16, specifically in the fromAddressNat function. Published on 2025-03-14T14:15:18.430, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
The vulnerability enables remote exploitation over the network with low complexity, requiring no authentication privileges or user interaction. Attackers can achieve high confidentiality, integrity, and availability impacts, potentially resulting in arbitrary code execution or complete device compromise.
Mitigation details are available in the referenced advisory at https://github.com/WhereisDoujo/CVE/issues/5.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6429
Vulnerability details
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated buffer overflow in the router's web management interface (/goform/addressNat) via user-controlled parameters enables exploitation of a public-facing application, potentially leading to remote code execution or denial of service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Information input validation directly prevents the buffer overflow in the fromAddressNat function by enforcing bounds checking on network inputs.
Memory protection safeguards like non-executable memory and address space randomization mitigate exploitation of the buffer overflow for arbitrary code execution.
Flaw remediation ensures timely patching of the vulnerable Tenda AC6 v15.03.05.16 firmware to eliminate the buffer overflow vulnerability.