CVE-2025-7597
Published: 14 July 2025
Summary
CVE-2025-7597 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ax1803 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the stack-based buffer overflow by requiring validation of the deviceList argument in the formSetMacFilterCfg function to prevent improper memory operations.
Implements memory protections such as stack canaries or DEP to mitigate exploitation of the stack buffer overflow in the affected firmware endpoint.
Requires identification, reporting, and remediation of the specific buffer overflow flaw in Tenda AX1803 firmware version 1.0.0.1 to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the remotely accessible web management interface (/goform/setMacFilterCfg) of Tenda AX1803 router enables exploitation of a public-facing application for potential remote code execution.
NVD Description
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7597 is a critical stack-based buffer overflow vulnerability affecting Tenda AX1803 firmware version 1.0.0.1. The issue resides in the formSetMacFilterCfg function within the /goform/setMacFilterCfg endpoint, where manipulation of the deviceList argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
The vulnerability enables remote exploitation by attackers with low privileges, such as authenticated users on the network. By sending crafted requests to the affected endpoint, an attacker can overflow the stack, potentially leading to arbitrary code execution, data corruption, or denial of service. No user interaction is required, and the low attack complexity makes it accessible over the network without special conditions beyond initial privilege access.
References include detailed analysis and a proof-of-concept exploit published on GitHub at https://github.com/panda666-888/vuls/blob/main/tenda/ax1803/formSetMacFilterCfg.md and its POC section, alongside VulDB entries at https://vuldb.com/?ctiid.316296, https://vuldb.com/?id.316296, and https://vuldb.com/?submit.615268. No vendor patches or specific mitigation guidance are detailed in the available sources, though the public disclosure of the exploit heightens the risk of active use.
Details
- CWE(s)