CVE-2025-7468
Published: 12 July 2025
Summary
CVE-2025-7468 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda FH1201 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the CVE by requiring timely remediation of the known buffer overflow flaw in the Tenda FH1201 firmware via patching or upgrades.
Prevents exploitation of the buffer overflow by enforcing validation of the manipulated 'page' argument in HTTP POST requests to the fromSafeUrlFilter function.
Mitigates buffer overflow consequences through memory protections like non-executable stacks and address randomization, limiting arbitrary code execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow in a public-facing HTTP POST handler in network device firmware directly enables remote exploitation of a public-facing application for RCE/DoS.
NVD Description
A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysis
CVE-2025-7468 is a critical buffer overflow vulnerability (CWE-119, CWE-120) in Tenda FH1201 router firmware version 1.2.0.14. It affects the fromSafeUrlFilter function within the /goform/fromSafeUrlFilter file of the HTTP POST Request Handler component. The vulnerability is triggered by manipulation of the "page" argument in an HTTP POST request.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), allowing remote exploitation over the network by attackers with low privileges and no user interaction required. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or denial of service on the affected device.
Advisories referenced in VulDB entries (ctiid.316120, id.316120, submit.610394) and a detailed writeup on a Notion site describe the issue and public exploit disclosure. The Tenda vendor website is also listed for further information; practitioners should review these sources for any patch availability or mitigation recommendations, as the exploit has been publicly released and may be actively used.
Details
- CWE(s)