Cyber Resilience

CVE-2025-69765

Severity: High · Public PoC referenced

Published: 03 March 2026
Modified: 04 March 2026
KEV Added: not listed
Patch: none recorded on this page
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0013 (32.2nd percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-69765 is a high-severity stack-based buffer overflow (CWE-121) in Tenda AX3 firmware v16.03.12.11. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 32.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-69765 is a stack-based buffer overflow in Tenda AX3 firmware v16.03.12.11, located in the formGetIptv handler of the web management interface and triggered through the list parameter, which is copied onto the stack without adequate bounds checking. The weakness is classified as CWE-121 and can lead to memory corruption and remote code execution. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-03-03T18:16:24.193.

The handler is reachable by unauthenticated remote attackers over the network, with low attack complexity and no user interaction. An oversized list value corrupts the stack frame of formGetIptv; the advisory describes this as enabling remote code execution. Note the tension with the scored vector: C:N/I:N/A:H credits only an availability impact (a crash of the management service), so if code execution is in fact achievable the 7.5 understates the risk and should be treated as a floor, not a ceiling, when prioritizing.

Mitigation details and further technical analysis are available in the referenced advisory at https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef809db06fc8677ad4b2ba.

Vulnerability details

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function, triggered via the list parameter, which can cause memory corruption and enable remote code execution.

CWE(s)

CWE-121 Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in exposed formGetIptv handler of router firmware web interface directly enables unauthenticated remote code execution against a public-facing network service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-69766 · Same product: Tenda AX3
CVE-2025-69764 · Same product: Tenda AX3
CVE-2025-69763 · Same product: Tenda AX3
CVE-2025-69762 · Same product: Tenda AX3
CVE-2025-71023 · Same product: Tenda AX3
CVE-2025-71026 · Same product: Tenda AX3
CVE-2025-55603 · Same product: Tenda AX3
CVE-2025-71027 · Same product: Tenda AX3
CVE-2025-71024 · Same product: Tenda AX3
CVE-2025-55605 · Same product: Tenda AX3

Affected Assets

Vendor: tenda · Product: ax3 firmware · Version: 16.03.12.11

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-10 Information Input Validation (prevent)

Directly requires validation of the list parameter input to formGetIptv: reject values whose length exceeds the destination buffer and restrict them to the characters the field legitimately carries, before any copy onto the stack takes place.

SI-16 Memory Protection (prevent)

Memory safeguards such as stack canaries, non-executable stacks (DEP/NX) and ASLR raise the cost of turning the overflow into code execution. They do not remove the bug, and they have to be compiled into the firmware image by the vendor; an operator cannot retrofit them to a shipped Tenda AX3 build.

Flaw remediation (prevent)

Mandates timely patching of the specific firmware flaw in Tenda AX3 v16.03.12.11. Until fixed firmware is available, keep the management web interface unreachable from the WAN side and restrict which LAN hosts can reach it.
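The pattern behind both the analysis above and the SI-10 control, shown as an added example in C. This is illustrative code written for this page, not Tenda's firmware: the real formGetIptv layout is not known from the page, so the buffer size LIST_MAX, the function names, the comma-separated entry format and the constructed 199-byte payload are all assumptions. The vulnerable handler copies a request parameter into a fixed stack buffer with no length check; the hardened version checks length and character set first, and a helper computes how far a given value would overrun the buffer so the overflow can be reasoned about without actually triggering undefined behaviour.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size of the stack buffer that receives the `list`
 * parameter. The real formGetIptv layout is not known from the page. */
#define LIST_MAX 64

/* Count comma-separated entries in a NUL-terminated string.
 * The comma-separated format is an assumption made for this example. */
static int count_entries(const char *s)
{
    if (*s == '\0')
        return 0;
    int n = 1;
    for (; *s != '\0'; s++)
        if (*s == ',')
            n++;
    return n;
}

/* VULNERABLE pattern (CWE-121). `list` is attacker-controlled request
 * data and its length is never compared with sizeof buf, so a value of
 * LIST_MAX bytes or more runs past the array into the saved frame
 * (return address included). Only ever call this with a short string. */
int form_get_iptv_vulnerable(const char *list)
{
    char buf[LIST_MAX];
    strcpy(buf, list);               /* unbounded copy onto the stack */
    return count_entries(buf);
}

/* Bytes a given `list` value would write beyond buf in the vulnerable
 * handler (0 = fits). Lets us reason about the overflow without
 * executing undefined behaviour. */
size_t overflow_bytes(const char *list)
{
    size_t need = strlen(list) + 1;  /* strcpy copies the NUL as well */
    return need > LIST_MAX ? need - LIST_MAX : 0;
}

/* Constructed oversized `list` value (199 x 'A'): the kind of input an
 * unauthenticated client can place in the request. */
const char *long_payload(void)
{
    static char payload[200];
    memset(payload, 'A', sizeof payload - 1);
    payload[sizeof payload - 1] = '\0';
    return payload;
}

static void set_err(char *err, size_t errsz, const char *msg)
{
    if (err != NULL && errsz > 0)
        snprintf(err, errsz, "%s", msg);
}

/* HARDENED pattern (SI-10 input validation plus a bounded copy).
 * Returns the entry count, or -1 after writing a reason to `err`
 * (which may be NULL). The length check runs before anything touches
 * the stack buffer, and the value is limited to the bytes the field
 * legitimately carries (digits and commas, assumed for this example). */
int form_get_iptv_hardened(const char *list, char *err, size_t errsz)
{
    char buf[LIST_MAX];
    size_t len = strlen(list);

    if (len >= sizeof buf) {
        set_err(err, errsz, "list too long for destination buffer");
        return -1;
    }
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)list[i]) && list[i] != ',') {
            set_err(err, errsz, "list contains a character outside [0-9,]");
            return -1;
        }
    }
    memcpy(buf, list, len + 1);      /* bounded: len + 1 <= sizeof buf */
    set_err(err, errsz, "");
    return count_entries(buf);
}

int main(void)
{
    char err[80];
    const char *payload = long_payload();

    printf("vulnerable(\"1,2,3\")     = %d\n", form_get_iptv_vulnerable("1,2,3"));
    printf("199-byte value overflows by %zu bytes\n", overflow_bytes(payload));
    printf("hardened(199-byte value)   = %d (%s)\n",
           form_get_iptv_hardened(payload, err, sizeof err), err);
    printf("hardened(\"1,2;3\")       = %d (%s)\n",
           form_get_iptv_hardened("1,2;3", err, sizeof err), err);
    printf("hardened(\"1,2,3\")       = %d\n",
           form_get_iptv_hardened("1,2,3", err, sizeof err));
    return 0;
}
```

The length check compares against the destination size, not a magic number, and runs before the copy; that ordering is the whole fix. The character whitelist is the SI-10 part proper: even a value that fits should be rejected if it is not shaped like the data the field expects, because that is the cheapest place to stop malformed input before it reaches parsing code further down.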

References

Tenda AX3 Buffer Overflow in formGetIptv (advisory): https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef809db06fc8677ad4b2ba