Cyber Resilience

CVE-2025-4897

High

Published: 18 May 2025

Published
18 May 2025
Modified
27 May 2025
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0103 77.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-4897 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda A15 Firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A buffer overflow vulnerability affects the Tenda A15 wireless router in firmware versions 15.13.07.09 and 15.13.07.13. The flaw resides in an unknown portion of the /goform/multimodalAdd endpoint within the HTTP POST Request Handler component; unsanitized input supplied via this interface triggers memory corruption classified under CWE-119 and CWE-120.

An attacker with low-privileged network access can remotely submit a crafted POST request to the affected endpoint. Successful exploitation yields high-impact consequences on confidentiality, integrity, and availability, enabling arbitrary code execution or device compromise. A public proof-of-concept has already been disclosed.

The EPSS score remains flat at 0.0103 with no material increase since disclosure, indicating limited observed exploitation interest to date. No vendor advisory or patch information is provided in the available references.

EU & UK References

Vulnerability details

A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to…

more

initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the public-facing HTTP POST handler (/goform/multimodalAdd) of Tenda A15 router web interface enables remote exploitation for potential code execution or DoS, directly mapping to T1190: Exploit Public-Facing Application.

Affected Assets

tenda
a15 firmware
15.13.07.09, 15.13.07.13

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-119 CWE-120

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

addresses: CWE-119

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

References