CVE-2025-7463
Published: 12 July 2025
Summary
CVE-2025-7463 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1201 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the mit_ssid argument in HTTP POST requests to prevent buffer overflow exploitation.
Mandates timely remediation of the known buffer overflow flaw in Tenda FH1201 firmware via patches or updates.
Implements memory protections like stack guards and non-executable regions to mitigate buffer overflow leading to code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the device's HTTP POST handler (formWrlsafeset) directly enables remote exploitation of a public-facing web application, matching T1190 for initial access and arbitrary code execution.
NVD Description
A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mit_ssid leads to buffer…
more
overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7463 is a critical buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(1.2.0.14). It affects the formWrlsafeset function in the file /goform/AdvSetWrlsafeset within the HTTP POST Request Handler component. The issue arises from manipulation of the mit_ssid argument, classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low attack complexity and no user interaction. Exploitation triggers a buffer overflow, potentially allowing high-impact compromise of confidentiality, integrity, and availability, such as arbitrary code execution on the device.
Advisories from VulDB, including details at https://vuldb.com/?ctiid.316114, https://vuldb.com/?id.316114, and https://vuldb.com/?submit.610174, document the vulnerability and public exploit disclosure. The vendor site at https://www.tenda.com.cn/ and a detailed write-up at https://candle-throne-f75.notion.site/Tenda-FH1201-formWrlsafeset-228df0aa118580a3b0dcd29972efbf0e provide further references; practitioners should monitor for firmware patches or updates from Tenda.
The exploit has been publicly disclosed and may be used in the wild.
Details
- CWE(s)