Cyber Posture

CVE-2025-51087

HighPublic PoC

Published: 24 July 2025

Published
24 July 2025
Modified
28 July 2025
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0044 63.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-51087 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ac8 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 36.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

SI-2 requires timely remediation of identified flaws like this stack buffer overflow by applying vendor firmware patches.

SI-10 Information Input Validation good match
prevent

SI-10 mandates validation of information inputs such as the 'time' argument to prevent stack-based buffer overflows at the /goform/saveParentControlInfo endpoint.

SI-16 Memory Protection good match
prevent

SI-16 implements memory protections like stack canaries and DEP to mitigate exploitation of stack buffer overflows even if input validation fails.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The stack-based buffer overflow vulnerability in the Tenda AC8V4 router's web interface (/goform/saveParentControlInfo) via the 'time' parameter enables remote exploitation of a public-facing application, aligning with T1190: Exploit Public-Facing Application.

NVD Description

Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.

Deeper analysisAI

CVE-2025-51087 is a stack-based buffer overflow vulnerability (CWE-121) in the Tenda AC8V4 router firmware version V16.03.34.06. The flaw occurs at the /goform/saveParentControlInfo endpoint, where manipulation of the "time" argument triggers the overflow. It carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L) and was published on 2025-07-24T15:15:26.693.

An unauthenticated attacker (PR:N) with network access (AV:N) can exploit the vulnerability remotely with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation leads to high confidentiality impact (C:H), such as potential disclosure of sensitive information, alongside low integrity (I:L) and availability (A:L) impacts within the unchanged scope (S:U).

Advisories and additional details, including potential patches or mitigations, are available via vendor reference at http://tenda.com and a GitHub advisory at https://github.com/TL-SN/IOT/blob/main/Tenda/Tenda-AC8v4%20%20V16.03.34.06/CVE-2025-51087.md.

Details

CWE(s)
CWE-121

Affected Products

tenda
ac8 firmware
16.03.34.06

CVEs Like This One

CVE-2025-29100Same product: Tenda Ac8
CVE-2025-29101Same product: Tenda Ac8
CVE-2025-1853Same product: Tenda Ac8
CVE-2026-4254Same product: Tenda Ac8
CVE-2026-2202Same product: Tenda Ac8
CVE-2025-25663Same product: Tenda Ac8
CVE-2026-3044Same product: Tenda Ac8
CVE-2024-57704Same product: Tenda Ac8
CVE-2024-57703Same product: Tenda Ac8
CVE-2025-25668Same product: Tenda Ac8

References