Cyber Resilience

CVE-2025-45835

HighPublic PoC

Published: 12 May 2025

Published
12 May 2025
Modified
09 July 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0040 61.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-45835 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Netis-Systems Wf2880 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 38.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and…

more

potentially leading to a denial-of-service (DoS) attack.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Null pointer dereference in router CGI script allows remote crash via manipulated CONTENT_LENGTH, enabling endpoint denial of service through application exploitation.

Affected Assets

netis-systems
wf2880 firmware
2.1.40207

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References