CVE-2025-7795
Published: 18 July 2025
Summary
CVE-2025-7795 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh451 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the stack-based buffer overflow by requiring validation of the untrusted 'page' argument in the /goform/P2pListFilter endpoint.
Implements memory protection mechanisms such as stack canaries or DEP to block exploitation of the stack-based buffer overflow in the fromP2pListFilter function.
Requires timely remediation of the known buffer overflow flaw in Tenda FH451 firmware version 1.0.0.9 via patching to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of a public-facing web management interface (form handler) via buffer overflow to achieve RCE on a network device.
NVD Description
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may…
more
be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7795 is a critical stack-based buffer overflow vulnerability affecting Tenda FH451 router firmware version 1.0.0.9. The flaw resides in the fromP2pListFilter function within the /goform/P2pListFilter file, where manipulation of the "page" argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it was published on 2025-07-18 and carries a CVSS v3.1 base score of 8.8.
Attackers with low privileges (PR:L) can exploit this remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U), potentially allowing remote code execution on the affected device.
Advisories referenced in VulDB (ctiid.316856, id.316856) and a GitHub repository detail the vulnerability, including a proof-of-concept exploit demonstrating the buffer overflow via the "page" parameter.
The exploit has been publicly disclosed, with POC code available, heightening the risk of active exploitation against unpatched Tenda FH451 devices.
Details
- CWE(s)