Cyber Posture

CVE-2025-9443

High · Public PoC

Published: 26 August 2025

Modified: 02 September 2025
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-9443 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda CH22 firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Information Input Validation directly prevents buffer overflows by enforcing checks on the size and format of the new_account argument in the formeditUserName function.

Prevent: Memory Protection implements safeguards like address space layout randomization and non-executable stacks to mitigate exploitation of the buffer overflow even if input validation fails.

Prevent: Flaw Remediation requires timely identification, reporting, and patching of the buffer overflow vulnerability in the Tenda CH22 firmware.
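
A sketch of the size and format check that the Information Input Validation control describes for new_account, as an added example that is not Tenda's firmware code. The 32-byte buffer, the allowed character set and the helper name copy_account_name are assumptions; the page gives none of them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed destination size; the real firmware buffer size is not on the page. */
#define ACCOUNT_BUF_SIZE 32

enum account_status { ACCOUNT_OK = 0, ACCOUNT_MISSING, ACCOUNT_TOO_LONG, ACCOUNT_BAD_CHAR };

/* Assumed format rule: ASCII letters, digits, '_', '-' and '.' only. */
static int is_allowed_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
}

/* Validate a request parameter such as new_account, then copy it.
 * dst holds an empty string unless every check passes, so a rejected value
 * never reaches the fixed-size buffer. Hypothetical helper, not a firmware API. */
enum account_status copy_account_name(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t len, i;

    if (dst == NULL || dst_size == 0)
        return ACCOUNT_MISSING;
    dst[0] = '\0';
    if (src == NULL || src[0] == '\0')
        return ACCOUNT_MISSING;
    /* Look for the terminator within dst_size bytes only; a longer input is
     * rejected without measuring or copying the rest of it. */
    end = memchr(src, '\0', dst_size);
    if (end == NULL)
        return ACCOUNT_TOO_LONG;
    len = (size_t)(end - src);
    for (i = 0; i < len; i++)
        if (!is_allowed_char((unsigned char)src[i]))
            return ACCOUNT_BAD_CHAR;
    memcpy(dst, src, len + 1);      /* len + 1 <= dst_size, includes the NUL */
    return ACCOUNT_OK;
}

int main(void)
{
    char name[ACCOUNT_BUF_SIZE], big[256];
    memset(big, 'A', sizeof big - 1);   /* constructed oversized value */
    big[sizeof big - 1] = '\0';
    printf("%d\n", copy_account_name(name, sizeof name, "admin_01"));
    printf("%d\n", copy_account_name(name, sizeof name, big));
    return 0;
}
```

The check rejects an oversized value outright instead of truncating it, so the caller can return an error to the client and log the rejected request.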

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A buffer overflow in a public web endpoint (/goform/editUserName) directly enables remote exploitation of a network device application for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

Deeper analysis [AI]

CVE-2025-9443 is a buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1, specifically affecting the formeditUserName function within the /goform/editUserName endpoint. By manipulating the new_account argument, attackers can trigger the overflow, as documented under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input). The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability enables remote exploitation over the network with low privileges (PR:L) and no user interaction required. An attacker with authenticated access, such as a low-level user account, can send a crafted request to the vulnerable endpoint, causing a buffer overflow that compromises confidentiality, integrity, and availability with high impact. This could allow arbitrary code execution, full system compromise, or denial of service on the affected device.

Advisories from VulDB (ctiid.321281, id.321281, submit.634271) detail the flaw and confirm remote exploitability, while a proof-of-concept exploit is publicly available in a GitHub repository (moweizhang1994/cve/issues/4). No vendor patches or specific mitigations are referenced in the provided sources, including the Tenda website.

The published exploit increases the risk of real-world attacks against exposed Tenda CH22 devices, particularly in home or small office networks.

Details

CWE(s)

Affected Products

Vendor: tenda · Product: ch22 firmware · Version: 1.0.0.1

CVEs Like This One

CVE-2025-12232 · Same product: Tenda CH22
CVE-2025-12274 · Same product: Tenda CH22
CVE-2025-9812 · Same product: Tenda CH22
CVE-2025-8180 · Same product: Tenda CH22
CVE-2025-12265 · Same product: Tenda CH22
CVE-2025-9006 · Same product: Tenda CH22
CVE-2025-9007 · Same product: Tenda CH22
CVE-2025-9813 · Same product: Tenda CH22
CVE-2025-12273 · Same product: Tenda CH22
CVE-2025-13288 · Same product: Tenda CH22
