CVE-2025-7434
Published: 11 July 2025
Summary
CVE-2025-7434 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh451 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the stack-based buffer overflow by enforcing validation of the 'page' argument in POST requests to /goform/addressNat, preventing improper input manipulation.
Implements memory protection mechanisms like stack canaries, ASLR, and DEP to prevent exploitation of the stack buffer overflow in the fromAddressNat function.
Establishes flaw remediation processes to identify, test, and apply patches or updates for the specific buffer overflow vulnerability in Tenda FH451 firmware up to 1.0.0.9.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the Tenda FH451 router's web interface (/goform/addressNat) via unauthenticated POST request with 'page' argument enables remote code execution on a public-facing network device.
NVD Description
A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page leads to…
more
stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 routers running firmware versions up to 1.0.0.9. The flaw affects the fromAddressNat function within the /goform/addressNat component of the POST Request Handler, where manipulation of the "page" argument triggers the overflow.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). It can be exploited remotely by an authenticated attacker with low privileges, without requiring user interaction, potentially leading to high impacts on confidentiality, integrity, and availability, such as arbitrary code execution.
Advisories reference GitHub repositories that disclose full exploit details, including payloads, and VulDB entries documenting the issue (ctiid.316004, id.316004). No vendor patches or specific mitigations are detailed in the available information, but the public exploit disclosure increases the risk of active exploitation.
Details
- CWE(s)