CVE-2025-69765
Published: 03 March 2026
Summary
CVE-2025-69765 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ax3 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in exposed formGetIptv handler of router firmware web interface directly enables unauthenticated remote code execution against a public-facing network service.
NVD Description
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
Deeper analysisAI
CVE-2025-69765 is a stack overflow vulnerability affecting Tenda AX3 firmware version v16.03.12.11, specifically in the formGetIptv function due to improper handling of the list parameter. This issue, classified as CWE-121, can lead to memory corruption and remote code execution. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-03-03T18:16:24.193.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation triggers stack-based memory corruption in the affected function, enabling potential remote code execution and high-impact disruption to availability, as indicated by the CVSS metrics.
Mitigation details and further technical analysis are available in the referenced advisory at https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef809db06fc8677ad4b2ba.
Details
- CWE(s)