Cyber Posture

CVE-2025-7421

HighPublic PoC

Published: 11 July 2025

Published
11 July 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0157 81.6th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7421 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda O3 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of the 'mac' argument in the fromMacFilterModify function to prevent stack-based buffer overflows from malformed inputs.

SI-16 Memory Protection good match
prevent

Implements memory protections such as stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow in the httpd component.

SI-2 Flaw Remediation good match
prevent

Directly addresses remediation of the identified buffer overflow flaw in Tenda O3V2 firmware version 1.0.0.12(3880) through patching or updates.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The stack-based buffer overflow in the httpd web component (/goform/operateMacFilter) of the public-facing Tenda O3V2 router enables remote exploitation for potential code execution, directly mapping to T1190: Exploit Public-Facing Application.

NVD Description

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The…

more

attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-7421 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting the Tenda O3V2 device on firmware version 1.0.0.12(3880). The flaw exists in the fromMacFilterModify function of the /goform/operateMacFilter endpoint within the httpd component, where manipulation of the 'mac' argument triggers the overflow.

The vulnerability enables remote exploitation by an attacker with low privileges (PR:L) over the network (AV:N), requiring low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 8.8.

Advisories and references, including GitHub repositories detailing a proof-of-concept and VulDB entries, confirm the exploit has been publicly disclosed and may be used by attackers. No specific patches or mitigations are detailed in the available information.

Details

CWE(s)
CWE-119CWE-121

Affected Products

tenda
o3 firmware
1.0.0.12\(3880\)

CVEs Like This One

CVE-2025-7422Same product: Tenda O3
CVE-2025-7420Same product: Tenda O3
CVE-2025-7417Same product: Tenda O3
CVE-2025-7419Same product: Tenda O3
CVE-2025-7418Same product: Tenda O3
CVE-2025-7423Same product: Tenda O3
CVE-2025-7416Same product: Tenda O3
CVE-2025-55613Same product: Tenda O3
CVE-2025-12209Same product: Tenda O3
CVE-2025-12210Same product: Tenda O3

References