Cyber Resilience

CVE-2025-45429

CriticalPublic PoC

Published: 23 April 2025

Published
23 April 2025
Modified
30 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0233 85.2th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-45429 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ac9 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

The vulnerability is a stack-based buffer overflow, identified as CWE-121, in the /goform/WifiWpsStart endpoint of the Tenda AC9 v1.0 router running firmware V15.03.05.14_multi. It carries a CVSS 3.1 score of 9.8 and can result in remote arbitrary code execution.

Unauthenticated attackers with network access can send specially crafted requests to the affected endpoint, bypassing any authentication or user interaction requirements and achieving full control over the device, including arbitrary code execution with impacts to confidentiality, integrity, and availability.

Public references consist of GitHub disclosures detailing the flaw, but no vendor advisories, patches, or mitigation guidance are provided in the available sources. The associated EPSS score remains low, with a current value of 0.0233 and a peak of 0.0244, indicating limited observed exploitation interest.

EU & UK References

Vulnerability details

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack overflow in the router's public-facing web interface (/goform/WifiWpsStart) enables remote arbitrary code execution via exploitation of a public-facing application.

Affected Assets

tenda
ac9 firmware
15.03.05.14_multi

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References