CVE-2025-7531
Published: 13 July 2025
Summary
CVE-2025-7531 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and correction of flaws like this stack-based buffer overflow, directly mitigating the vulnerability through patching.
SI-10 enforces input validation at entry points such as the delno argument in /goform/PPTPUserSetting, preventing the buffer overflow exploitation.
SI-16 implements memory protections like stack canaries or DEP to block unauthorized code execution from the stack-based buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remotely exploitable stack-based buffer overflow in the Tenda FH1202 router's web interface (/goform/PPTPUserSetting) via the 'delno' parameter, enabling arbitrary code execution consistent with exploitation of a public-facing application.
NVD Description
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack…
more
remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7531 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting Tenda FH1202 routers on firmware version 1.2.0.14(408). The flaw exists in the fromPptpUserSetting function within the /goform/PPTPUserSetting file, where manipulation of the delno argument triggers the overflow.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), enabling remote exploitation over the network with low complexity. It requires low privileges, such as those of an authenticated user, and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution and full device compromise.
Public advisories on VulDB (ctiid.316227, id.316227, submit.612957) document the issue, while a proof-of-concept exploit is available on GitHub at panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md, noting that it may be used. The vendor's site at https://www.tenda.com.cn/ provides general support, but no specific patch details are referenced.
The exploit has been disclosed to the public, heightening the risk for unpatched Tenda FH1202 devices.
Details
- CWE(s)