Cyber Posture

CVE-2025-57085

CriticalPublic PoC

Published: 09 September 2025

Published
09 September 2025
Modified
17 September 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-57085 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda W30E Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 29.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of input lengths for the v17 parameter in UploadCfg to directly prevent stack overflow from crafted oversized requests.

SI-16 Memory Protection good match
prevent

Implements memory protections such as stack canaries and address space layout randomization to mitigate exploitation of the stack overflow vulnerability.

SI-2 Flaw Remediation good match
prevent

Mandates timely flaw remediation through firmware patching to eliminate the stack overflow in UploadCfg once vendor updates are available.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

The stack overflow in the UploadCfg function enables remote attackers to exploit the application vulnerability, causing denial of service on the Tenda W30E router endpoint.

NVD Description

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Deeper analysisAI

CVE-2025-57085 is a stack overflow vulnerability (CWE-121) affecting the Tenda W30E router running firmware version V16.01.0.19 (5037). The flaw resides in the v17 parameter of the UploadCfg function, which handles configuration uploads and fails to properly validate input lengths, leading to buffer overflow conditions.

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By sending a crafted request to the UploadCfg function, attackers can trigger the stack overflow, resulting in a Denial of Service (DoS) that crashes the device; the high confidentiality and integrity impact scores suggest potential for broader compromise such as arbitrary code execution.

Details on exploitation and proof-of-concept are available in the referenced advisory at https://github.com/vulnDetailRecord/VulforDevice/blob/main/Tenda/W30E/UploadCfg.md. No vendor patches or official mitigations are specified in the available information.

Details

CWE(s)
CWE-121

Affected Products

tenda
w30e firmware
≤ 16.01.0.19\(5037\)

CVEs Like This One

CVE-2026-38835Same product: Tenda W30E
CVE-2025-70252Same vendor: Tenda
CVE-2026-24430Same product: Tenda W30E
CVE-2026-24429Same product: Tenda W30E
CVE-2025-71020Same vendor: Tenda
CVE-2026-38834Same product: Tenda W30E
CVE-2026-24436Same product: Tenda W30E
CVE-2026-24440Same product: Tenda W30E
CVE-2026-24428Same product: Tenda W30E
CVE-2025-70651Same vendor: Tenda

References