Cyber Resilience

CVE-2025-8019

HighPublic PoC

Published: 22 July 2025

Published
22 July 2025
Modified
20 August 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0149 81.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8019 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Szlbt Lbt-T300-T310 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-8019 affects Shenzhen Libituo Technology LBT-T300-T310 firmware version 2.2.3.6 and is rated critical. It resides in the sub_40B6F0 function within the at/appy.cgi file, where improper handling of the wan_proto argument produces a buffer overflow condition classified under CWE-119 and CWE-120.

The flaw can be triggered remotely by an authenticated attacker over the network with low attack complexity, resulting in full compromise of confidentiality, integrity, and availability on the affected device. Publicly available exploit code demonstrates the attack vector.

No vendor advisory or patch information is referenced in the available sources. The associated EPSS score remains flat at 0.0149 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack…

more

may be launched remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in exposed CGI endpoint (appy.cgi) directly enables remote code execution against a public-facing network service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11296Shared CWE-119, CWE-120
CVE-2025-10942Shared CWE-119, CWE-120
CVE-2026-8775Shared CWE-119, CWE-120
CVE-2026-1328Shared CWE-119, CWE-120
CVE-2026-3701Shared CWE-119, CWE-120
CVE-2025-15459Shared CWE-119, CWE-120
CVE-2025-11356Shared CWE-119, CWE-120
CVE-2026-8260Shared CWE-119, CWE-120
CVE-2026-2202Shared CWE-119, CWE-120
CVE-2025-12232Shared CWE-119, CWE-120

Affected Assets

szlbt
lbt-t300-t310 firmware
2.2.3.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates and sanitizes inputs like the 'wan_proto' argument to prevent buffer overflow vulnerabilities in the at/appy.cgi function.

prevent

Implements memory protections such as ASLR, DEP, and stack canaries to block arbitrary code execution from buffer overflow exploits.

prevent

Mandates identification, reporting, and patching of flaws like CVE-2025-8019 to remediate the buffer overflow in sub_40B6F0.

References