CVE-2025-50399
Published: 26 November 2025
Summary
CVE-2025-50399 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Fastcom Fac1200R Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-50399, published on 2025-11-26, is a buffer overflow vulnerability (CWE-120) affecting the FAST FAC1200R F400_FAC1200R_Q firmware or component. The issue resides in the function sub_80435780, which can be triggered via the password parameter. It has a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.
An unauthenticated attacker with network access to the affected device can exploit this vulnerability remotely with low complexity and no user interaction. Successful exploitation could allow arbitrary code execution, potentially leading to full system compromise, data exfiltration, modification of device configurations, or denial of service.
References for this vulnerability are hosted on GitHub at https://github.com/sezangel/IOT-vul/tree/main/FAST/FAC1200R/1, which likely contain proof-of-concept details or analysis, though no official vendor advisories or patches are detailed in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199732
Vulnerability details
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-accessible firmware allows unauthenticated remote code execution on a public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the password parameter to prevent buffer overflows by enforcing bounds checking and input sanitization.
Implements memory protections like ASLR, DEP, and stack canaries to mitigate arbitrary code execution from buffer overflow exploitation.
Requires identification, testing, and installation of firmware patches to remediate the specific buffer overflow flaw in sub_80435780.