CVE-2025-7532
Published: 13 July 2025
Summary
CVE-2025-7532 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely identification, reporting, and correction of the stack-based buffer overflow flaw through firmware patching.
Prevents exploitation by enforcing validation of the 'page' argument to block oversized inputs that trigger the buffer overflow in the webExcptypemanFilter function.
Mitigates stack-based buffer overflow exploitation through mechanisms like stack canaries, ASLR, and DEP on the affected router firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's web interface (/goform/webExcptypemanFilter) via remote manipulation of the 'page' parameter enables remote code execution, directly facilitating exploitation of a public-facing application.
NVD Description
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7532 is a critical stack-based buffer overflow vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting Tenda FH1202 routers on firmware version 1.2.0.14(408). The flaw exists in the fromwebExcptypemanFilter function of the /goform/webExcptypemanFilter file, where manipulation of the "page" argument triggers the overflow.
An attacker with network access and low privileges can remotely exploit this vulnerability without user interaction. Successful exploitation grants high-impact control over confidentiality, integrity, and availability, potentially allowing arbitrary code execution. A proof-of-concept exploit has been publicly disclosed and may be used.
Advisories from VulDB document the issue and reference a GitHub repository containing exploit details for the Tenda FH1202 endpoint. The vendor's website is listed among references, though specific patch availability or mitigation steps are not detailed in the provided sources. Security practitioners should monitor for firmware updates from Tenda.
Details
- CWE(s)