CVE-2025-7465
Published: 12 July 2025
Summary
CVE-2025-7465 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1201 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A critical buffer overflow vulnerability tracked as CVE-2025-7465 affects Tenda FH1201 firmware version 1.2.0.14. The flaw is located in the fromRouteStatic function within the /goform/fromRouteStatic file of the HTTP POST Request Handler component; improper handling of the page argument triggers the overflow, which is tracked under CWE-119 and CWE-120.
An authenticated remote attacker can exploit the issue by sending a crafted HTTP POST request to the affected endpoint. Successful exploitation can result in high impact to confidentiality, integrity, and availability on the device, consistent with the CVSS 4.0 score of 7.4. The vulnerability is remotely exploitable without user interaction, and a working exploit has already been made public.
The listed references point to disclosure entries on Vuldb and a detailed Notion page, along with the vendor site, but contain no information on patches or specific mitigation steps. The associated EPSS score remains flat at 0.0110 with no material rise after publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21208
Vulnerability details
A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow.…
more
The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public router web interface (HTTP POST handler) directly enables remote exploitation of a public-facing application for RCE/DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the buffer overflow in the fromRouteStatic function by applying Tenda firmware updates to eliminate the vulnerability.
Requires validation of the 'page' argument in HTTP POST requests to /goform/fromRouteStatic to prevent buffer overflow exploitation.
Implements memory protections such as stack canaries and ASLR to block arbitrary code execution from the buffer overflow in the HTTP handler.