CVE-2025-7505
Published: 12 July 2025
Summary
CVE-2025-7505 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh451 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring identification, reporting, and correction of the stack-based buffer overflow flaw in the router firmware.
Requires validation of the manipulated 'page' argument in the HTTP POST request to prevent the buffer overflow.
Implements memory safeguards like stack canaries or non-executable stacks to block arbitrary code execution from the buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the public-facing HTTP POST handler (/goform/L7Prot) of Tenda FH451 router web interface enables remote arbitrary code execution without authentication, directly facilitating exploitation of a public-facing application.
NVD Description
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function frmL7ProtForm of the file /goform/L7Prot of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. It…
more
is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7505 is a critical stack-based buffer overflow vulnerability affecting the Tenda FH451 router running firmware version 1.0.0.9. The issue resides in the frmL7ProtForm function within the /goform/L7Prot component of the HTTP POST Request Handler, where manipulation of the "page" argument triggers the overflow.
The vulnerability can be exploited remotely over the network with low attack complexity and no user interaction required. Attackers need low privileges (PR:L), such as those obtainable through default credentials or prior access, to send a specially crafted HTTP POST request. Successful exploitation grants high impacts on confidentiality, integrity, and availability (CVSS 8.8: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), potentially allowing arbitrary code execution. A public proof-of-concept exploit has been disclosed.
Advisories from VULDB (ctiid.316188, id.316188) and a GitHub repository detail the vulnerability, including payload examples for the affected endpoint. No vendor patches or specific mitigation guidance are referenced in the available sources.
Details
- CWE(s)