CVE-2025-7747
Published: 17 July 2025
Summary
CVE-2025-7747 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda FH451 firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 24.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-7747 is a critical buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9. The flaw affects the fromWizardHandle function within the /goform/WizardHandle endpoint of the POST Request Handler component. Manipulation of the PPW argument triggers the buffer overflow, as classified under CWE-119 and CWE-120.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It can be exploited remotely over the network by an attacker with low privileges, requiring low complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability, potentially leading to remote code execution or denial of service.
Advisories and references, including GitHub repositories detailing the exploit and VulDB entries, confirm the issue was published on 2025-07-17. The exploit has been publicly disclosed, making it available for use by attackers. Practitioners should consult these sources for technical details and monitor for vendor patches or firmware updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21787
Vulnerability details
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow vulnerability in the public-facing web interface (/goform/WizardHandle) of Tenda FH451 router enables remote exploitation of a public-facing application for initial access, potentially leading to RCE or DoS.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the buffer overflow vulnerability in Tenda FH451 firmware version 1.0.0.9 through timely flaw remediation and patching.
Requires validation of the PPW argument in POST requests to /goform/WizardHandle to prevent buffer overflow exploitation.
Implements memory protections such as stack guards and non-executable memory to mitigate buffer overflow attacks targeting the fromWizardHandle function.
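
One way to apply the input-validation control to this endpoint at a reverse proxy or inspection point in front of the device, as an added example that is not code from the vendor or from the referenced advisories. The 64-byte limit, the function name check_request and the sample requests are assumptions; the page does not state the size of the affected buffer.

```python
from urllib.parse import parse_qsl

# Assumption: no legitimate PPW value is longer than this. The page does not
# give the size of the affected buffer, so tune the limit to your deployment.
MAX_PPW_BYTES = 64
TARGET_PATH = "/goform/WizardHandle"


def check_request(method, path, body):
    """Return a list of findings for one HTTP request (empty list = pass)."""
    route = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or route != TARGET_PATH:
        return []
    findings = []
    # latin-1 maps every byte to exactly one character, so len() below counts
    # the bytes the handler would receive AFTER percent-decoding, not the
    # length of the encoded form on the wire.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    values = [v for k, v in pairs if k == "PPW"]
    if len(values) > 1:
        # Parsers disagree on which duplicate wins; reject rather than guess.
        findings.append("duplicate PPW parameter")
    for v in values:
        if len(v) > MAX_PPW_BYTES:
            findings.append(f"PPW length {len(v)} exceeds {MAX_PPW_BYTES}")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in v):
            findings.append("PPW contains non-printable bytes")
    return findings


if __name__ == "__main__":
    # Constructed sample requests (method, path, body); not captured traffic.
    samples = [
        ("POST", "/goform/WizardHandle", b"PPW=secret123"),
        ("POST", "/goform/WizardHandle", b"PPW=" + b"%41" * 100),
        ("POST", "/goform/WizardHandle", b"PPW=a&PPW=b"),
        ("POST", "/goform/WizardHandle", b"PPW=ab%00cd"),
        ("GET", "/goform/WizardHandle", b""),
    ]
    for method, path, body in samples:
        result = check_request(method, path, body)
        print(method, path, "BLOCK" if result else "pass", result)
```

A filter like this only narrows exposure until fixed firmware is installed; it does not replace the flaw remediation and memory protection controls listed above.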