CVE-2025-7853
Published: 19 July 2025
Summary
CVE-2025-7853 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh451 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates and sanitizes the 'page' argument in the /goform/SetIpBind function to directly prevent the stack-based buffer overflow.
Implements memory protection mechanisms like stack canaries and ASLR to comprehensively mitigate exploitation of the stack buffer overflow vulnerability.
Ensures timely patching and remediation of the specific buffer overflow flaw in Tenda FH451 firmware version 1.0.0.9.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remotely exploitable stack-based buffer overflow in the web interface (/goform/SetIpBind) of a public-facing router, enabling initial access via exploitation of a public-facing application.
NVD Description
A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated…
more
remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7853 is a critical stack-based buffer overflow vulnerability, associated with CWE-119 and CWE-121, affecting the fromSetIpBind function in the /goform/SetIpBind file of Tenda FH451 firmware version 1.0.0.9. Published on 2025-07-19, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
The vulnerability enables remote attackers with low privileges to manipulate the 'page' argument, triggering the buffer overflow. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system compromise without requiring user interaction.
References point to a GitHub repository containing detailed analysis and a proof-of-concept exploit at https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromSetIpBind.md and https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromSetIpBind.md#poc, along with VulDB entries at https://vuldb.com/?ctiid.316943, https://vuldb.com/?id.316943, and https://vuldb.com/?submit.616359. No vendor patches or specific mitigation guidance from advisories are detailed in the available information.
The exploit has been publicly disclosed and may be used by attackers targeting vulnerable Tenda FH451 devices.
Details
- CWE(s)