CVE-2025-4897
Published: 18 May 2025
Summary
CVE-2025-4897 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda A15 Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A buffer overflow vulnerability affects the Tenda A15 wireless router in firmware versions 15.13.07.09 and 15.13.07.13. The flaw resides in an unknown portion of the /goform/multimodalAdd endpoint within the HTTP POST Request Handler component; unsanitized input supplied via this interface triggers memory corruption classified under CWE-119 and CWE-120.
An attacker with low-privileged network access can remotely submit a crafted POST request to the affected endpoint. Successful exploitation yields high-impact consequences on confidentiality, integrity, and availability, enabling arbitrary code execution or device compromise. A public proof-of-concept has already been disclosed.
The EPSS score remains flat at 0.0103 with no material increase since disclosure, indicating limited observed exploitation interest to date. No vendor advisory or patch information is provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-15644
Vulnerability details
A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to…
more
initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing HTTP POST handler (/goform/multimodalAdd) of Tenda A15 router web interface enables remote exploitation for potential code execution or DoS, directly mapping to T1190: Exploit Public-Facing Application.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.
Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.
Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.