Cyber Resilience

CVE-2025-30256

High

Published: 20 August 2025

Published
20 August 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0013 32.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30256 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Tenda Ac6 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-30256 is a denial of service vulnerability in the HTTP Header Parsing functionality of the Tenda AC6 router on firmware version V5.0 V02.03.01.110. A specially crafted series of HTTP requests can cause the device to reboot. The issue is classified under CWE-772 (Missing Release of Resource after Effective Lifetime) and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), highlighting its high severity due to network accessibility and availability impact.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending multiple specially crafted network packets, the attacker triggers a reboot of the affected router, leading to a denial of service condition that disrupts network services until the device recovers.

The primary advisory from Talos Intelligence, available at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2166, documents this vulnerability in detail. No specific patches or mitigations are detailed in the provided information.

EU & UK References

Vulnerability details

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct exploitation of the HTTP header parsing flaw (CWE-772) on a public-facing router interface causes device reboot, matching application/system exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70252Same product: Tenda Ac6
CVE-2025-29029Same product: Tenda Ac6
CVE-2025-29121Same product: Tenda Ac6
CVE-2025-25343Same product: Tenda Ac6
CVE-2025-1814Same product: Tenda Ac6
CVE-2024-46450Same product: Tenda Ac6
CVE-2026-4960Same product: Tenda Ac6
CVE-2026-4961Same product: Tenda Ac6
CVE-2025-7914Same product: Tenda Ac6
CVE-2025-0349Same product: Tenda Ac6

Affected Assets

tenda
ac6 firmware
02.03.01.110

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements denial-of-service protections to prevent resource exhaustion and reboots from specially crafted HTTP requests.

prevent

Validates HTTP header inputs to block specially crafted requests that trigger resource leaks in parsing functionality.

prevent

Remediates the specific flaw in HTTP header parsing to eliminate the denial-of-service vulnerability.

References