Cyber Posture

CVE-2025-32010

High

Published: 20 August 2025

Modified: 03 November 2025
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0054 (67.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32010 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Tenda AC6 firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 32.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Remediates the stack-based buffer overflow in the Cloud API by applying vendor firmware patches to eliminate the vulnerability.

Prevent: Validates incoming HTTP responses to the Cloud API endpoint to reject specially crafted inputs that trigger buffer overflows.

Prevent: Implements memory protections like stack canaries, ASLR, and DEP to block arbitrary code execution from stack-based buffer overflows in the Cloud API.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A buffer overflow in the router's Cloud API enables remote exploitation of a public-facing network device interface for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability.

Deeper analysis [AI]

CVE-2025-32010 is a stack-based buffer overflow vulnerability (CWE-121) in the Cloud API functionality of the Tenda AC6 router running firmware version V5.0 V02.03.01.110. The issue arises when processing a specially crafted HTTP response, which can trigger the overflow and lead to arbitrary code execution. Published on 2025-08-20 with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), it affects the router's cloud connectivity features.

A remote network-based attacker can exploit this vulnerability by sending a malicious HTTP response to the Cloud API endpoint, requiring high attack complexity but no authentication, privileges, or user interaction. Successful exploitation enables arbitrary code execution on the device, compromising confidentiality, integrity, and availability with high impact, potentially allowing full control over the router for further network attacks or persistence.

Mitigation details and in-depth analysis are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2168. Security practitioners should consult this report for vendor patch status, workaround recommendations, and exploitation techniques.

Details

CWE(s)

Affected Products

Vendor: tenda
Product: ac6 firmware
Version: 02.03.01.110

CVEs Like This One

CVE-2025-29121 (Same product: Tenda Ac6)
CVE-2025-12225 (Same product: Tenda Ac6)
CVE-2026-4960 (Same product: Tenda Ac6)
CVE-2026-4961 (Same product: Tenda Ac6)
CVE-2025-0349 (Same product: Tenda Ac6)
CVE-2025-1814 (Same product: Tenda Ac6)
CVE-2025-70252 (Same product: Tenda Ac6)
CVE-2025-52221 (Same product: Tenda Ac6)
CVE-2025-7914 (Same product: Tenda Ac6)
CVE-2025-29030 (Same product: Tenda Ac6)
