CVE-2025-7465
Published: 12 July 2025
Summary
CVE-2025-7465 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1201 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the buffer overflow in the fromRouteStatic function by applying Tenda firmware updates to eliminate the vulnerability.
Requires validation of the 'page' argument in HTTP POST requests to /goform/fromRouteStatic to prevent buffer overflow exploitation.
Implements memory protections such as stack canaries and ASLR to block arbitrary code execution from the buffer overflow in the HTTP handler.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public router web interface (HTTP POST handler) directly enables remote exploitation of a public-facing application for RCE/DoS.
NVD Description
A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow.…
more
The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7465 is a critical buffer overflow vulnerability in Tenda FH1201 router firmware version 1.2.0.14. The flaw affects the fromRouteStatic function in the /goform/fromRouteStatic file of the HTTP POST Request Handler component, where manipulation of the "page" argument triggers the overflow. It is associated with CWE-119 and CWE-120 and carries a CVSS v3.1 base score of 8.8.
The vulnerability enables remote exploitation by attackers with low privileges, requiring network access, low attack complexity, and no user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or denial of service on the affected device.
Advisories indicate the exploit has been publicly disclosed and may be actively used. Relevant references include a detailed Notion page on the vulnerability, multiple VulDB entries documenting the issue (ctiid.316117, id.316117, submit.610389), and the official Tenda website for potential firmware updates or further guidance.
Details
- CWE(s)