CVE-2025-63835
Published: 10 November 2025
Summary
CVE-2025-63835 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda Ac18 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces bounds checking and input validation on parameters like guestSsid to prevent stack buffer overflows from oversized data.
Requires timely identification, reporting, and correction of the specific buffer overflow flaw in the WifiGuestSet interface.
Implements memory protections like non-executable stack or ASLR to mitigate remote code execution from controlled stack overflows, though DoS crashes may still occur.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The stack-based buffer overflow in the public-facing web interface (/goform/WifiGuestSet) enables exploitation for initial access via T1190 (Exploit Public-Facing Application) and denial of service through application exploitation (T1499.004), potentially leading to device crash or RCE.
NVD Description
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of…
more
service (device crash) or potential remote code execution.
Deeper analysisAI
A stack-based buffer overflow vulnerability, tracked as CVE-2025-63835, affects Tenda AC18 routers running firmware version v15.03.05.05_multi. The issue resides in the guestSsid parameter handled by the /goform/WifiGuestSet web interface, where insufficient bounds checking allows oversized input to overflow the stack buffer. This flaw is associated with CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Remote attackers with low privileges, such as authenticated users, can exploit this vulnerability over the network with low complexity and no user interaction required. By sending specially crafted oversized data to the guestSsid parameter, attackers can trigger a denial of service condition causing the device to crash, or potentially achieve remote code execution if the overflow is controlled precisely.
The primary advisory reference is a GitHub report detailing the vulnerability at https://github.com/babraink/cve_report/blob/main/cve_report/tenda/tendaAC18/2_wifiguest_guestssid_overflow/README.md, which security practitioners should consult for exploit details and any recommended mitigations, as no patch information is specified in available data.
Details
- CWE(s)