Cyber Posture

CVE-2025-30256

High

Published: 20 August 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0011 (29.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-30256 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Tenda AC6 firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 29.5th percentile by exploit likelihood (EPSS), below the median, and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly implements denial-of-service protections to prevent resource exhaustion and reboots from specially crafted HTTP requests.

Prevent: Validates HTTP header inputs to block specially crafted requests that trigger resource leaks in parsing functionality.

Prevent: Remediates the specific flaw in HTTP header parsing to eliminate the denial-of-service vulnerability.

MITRE ATT&CK Enterprise Techniques [AI]

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct exploitation of the HTTP header parsing flaw (CWE-772) on a public-facing router interface causes device reboot, matching application/system exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability.

Deeper analysis [AI]

CVE-2025-30256 is a denial of service vulnerability in the HTTP Header Parsing functionality of the Tenda AC6 router on firmware version V5.0 V02.03.01.110. A specially crafted series of HTTP requests can cause the device to reboot. The issue is classified under CWE-772 (Missing Release of Resource after Effective Lifetime) and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), highlighting its high severity due to network accessibility and availability impact.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending multiple specially crafted network packets, the attacker triggers a reboot of the affected router, leading to a denial of service condition that disrupts network services until the device recovers.

The primary advisory from Talos Intelligence, available at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2166, documents this vulnerability in detail. No specific patches or mitigations are detailed in the provided information.

Details

CWE(s)

Affected Products

Vendor: tenda
Product: ac6 firmware
Version: 02.03.01.110

CVEs Like This One

CVE-2025-70252 (same product: Tenda AC6)
CVE-2025-29121 (same product: Tenda AC6)
CVE-2025-29029 (same product: Tenda AC6)
CVE-2025-25343 (same product: Tenda AC6)
CVE-2026-4960 (same product: Tenda AC6)
CVE-2026-4961 (same product: Tenda AC6)
CVE-2025-52221 (same product: Tenda AC6)
CVE-2025-12225 (same product: Tenda AC6)
CVE-2025-7914 (same product: Tenda AC6)
CVE-2025-29030 (same product: Tenda AC6)
