CVE-2025-7548
Published: 13 July 2025
Summary
CVE-2025-7548 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1201 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by validating the manipulated 'page' argument in the formSafeEmailFilter function.
Implements memory protections such as stack canaries, non-executable stacks, and ASLR to mitigate exploitation of stack buffer overflows.
Requires timely identification, reporting, and patching of the specific buffer overflow flaw in the Tenda FH1201 firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's web interface (/goform/SafeEmailFilter) is remotely exploitable via the 'page' parameter, enabling exploitation of public-facing applications (T1190) and remote services (T1210) for potential code execution.
NVD Description
A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in the Tenda FH1201 router running firmware version 1.2.0.14(408). The issue resides in the formSafeEmailFilter function within the /goform/SafeEmailFilter file, where manipulation of the "page" argument triggers the overflow. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The vulnerability is remotely exploitable.
An attacker with low privileges, such as an authenticated user on the network, can initiate the attack remotely with low complexity and no user interaction required. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
References include a GitHub repository detailing the vulnerability and providing a proof-of-concept exploit at https://github.com/panda666-888/vuls/blob/main/tenda/fh1201/formSafeEmailFilter.md and https://github.com/panda666-888/vuls/blob/main/tenda/fh1201/formSafeEmailFilter.md#poc, along with VulDB entries at https://vuldb.com/?ctiid.316246, https://vuldb.com/?id.316246, and https://vuldb.com/?submit.614658. No vendor patches or specific mitigation steps are detailed in the available advisories.
The exploit has been publicly disclosed and may be actively used by attackers targeting unpatched Tenda FH1201 devices.
Details
- CWE(s)