CVE-2025-7529
Published: 13 July 2025
Summary
CVE-2025-7529 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of inputs like the 'page' argument to prevent stack-based buffer overflows from malformed data.
SI-16 implements memory protections such as stack canaries or DEP to block unauthorized code execution from stack buffer overflows.
SI-2 ensures timely flaw remediation through firmware patching to eliminate the buffer overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the /goform/Natlimit web endpoint of Tenda FH1202 router enables remote code execution via exploitation of a public-facing application.
NVD Description
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7529 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting the fromNatlimit function in the /goform/Natlimit file of Tenda FH1202 router firmware version 1.2.0.14(408). Published on 2025-07-13, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), enabling remote exploitation through manipulation of the 'page' argument.
Attackers with low privileges, such as authenticated users, can remotely trigger the buffer overflow over the network with low complexity. Successful exploitation grants high-impact control over confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories detail the issue on VulDB (ctiid.316225, id.316225, submit.612955), with a public exploit disclosure available at https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md. The vendor site at www.tenda.com.cn/ is referenced, though specific patch or mitigation guidance is not outlined in the provided references.
The exploit has been disclosed to the public and may be used in attacks.
Details
- CWE(s)