CVE-2025-7530
Published: 13 July 2025
Summary
CVE-2025-7530 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents stack-based buffer overflow by validating the manipulated Username argument in the fromPptpUserAdd function.
Mitigates exploitation of the stack-based buffer overflow through memory protections like stack canaries and address space randomization.
Addresses the root cause by requiring timely remediation of the known buffer overflow flaw via patching or updates to the affected firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote stack-based buffer overflow in the Tenda FH1202 router's web interface (/goform/PPTPDClient fromPptpUserAdd) enables exploitation of a public-facing application for potential RCE.
NVD Description
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may…
more
be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7530 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting the fromPptpUserAdd function in the /goform/PPTPDClient component of Tenda FH1202 router firmware version 1.2.0.14(408). Published on 2025-07-13, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
The vulnerability enables remote exploitation by an attacker with low privileges (PR:L) who manipulates the Username argument sent to the affected endpoint. No user interaction is required, and the low attack complexity allows exploitation over the network, potentially leading to high confidentiality, integrity, and availability impacts, such as arbitrary code execution on the device.
Advisories from VulDB and a GitHub repository detail the issue, confirming the exploit has been publicly disclosed and may be used. References include exploit specifics at https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md, VulDB entries at https://vuldb.com/?ctiid.316226, https://vuldb.com/?id.316226, and https://vuldb.com/?submit.612956, as well as the vendor site at https://www.tenda.com.cn/. No specific patches are mentioned in the available information.
Details
- CWE(s)