Cyber Posture

CVE-2025-9006

HighPublic PoC

Published: 15 August 2025

Published
15 August 2025
Modified
26 September 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0032 55.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9006 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of inputs to the formdelFileName function in /goform/delFileName to prevent buffer overflow from malformed filenames.

SI-16 Memory Protection good match
prevent

Implements memory protections like stack canaries or DEP to block exploitation of the buffer overflow for arbitrary code execution.

SI-2 Flaw Remediation good match
prevent

Mandates timely remediation of the identified buffer overflow flaw in Tenda CH22 firmware version 1.0.0.1 via patching.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in public web management interface (/goform/delFileName) directly enables remote exploitation of a network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public…

more

and may be used.

Deeper analysisAI

CVE-2025-9006 is a buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1. The flaw affects the formdelFileName function within the /goform/delFileName file, allowing remote manipulation that triggers the overflow. It is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system takeover on the affected device.

Advisories and details are documented on VulDB (ctiid.320035, id.320035, submit.628845) and a proof-of-concept exploit is publicly disclosed in a GitHub issue (moweizhang1994/cve/issues/2). The Tenda manufacturer's site (tenda.com.cn) is referenced, but no specific patches or mitigation steps are detailed in the provided information.

Details

CWE(s)
CWE-119CWE-120

Affected Products

tenda
ch22 firmware
1.0.0.1

CVEs Like This One

CVE-2025-12232Same product: Tenda Ch22
CVE-2025-12274Same product: Tenda Ch22
CVE-2025-9812Same product: Tenda Ch22
CVE-2025-8180Same product: Tenda Ch22
CVE-2025-12265Same product: Tenda Ch22
CVE-2025-9007Same product: Tenda Ch22
CVE-2025-9813Same product: Tenda Ch22
CVE-2025-9443Same product: Tenda Ch22
CVE-2025-12273Same product: Tenda Ch22
CVE-2025-13288Same product: Tenda Ch22

References