CVE-2025-9748
Published: 31 August 2025
Summary
CVE-2025-9748 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the ipsecno argument in the /goform/IPSECsave endpoint to prevent stack-based buffer overflows from improper input handling.
Implements memory protection mechanisms such as stack canaries and DEP to mitigate exploitation of the stack-based buffer overflow in the httpd component.
Mandates timely remediation of the identified buffer overflow flaw through firmware updates for Tenda CH22 version 1.0.0.1.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the web management interface (httpd) of network device firmware directly enables remote authenticated attackers to achieve RCE by exploiting a public-facing application over the network.
NVD Description
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be…
more
performed from remote.
Deeper analysisAI
CVE-2025-9748, published on 2025-08-31, is a stack-based buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1. The flaw resides in the fromIpsecitem function within the /goform/IPSECsave file of the httpd component. It is triggered by manipulating the ipsecno argument, and is associated with CWEs-119, CWE-121, and CWE-787.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low attack complexity and no user interaction required. Exploitation demands low privileges (PR:L), allowing a remote authenticated attacker to potentially achieve high impacts on confidentiality, integrity, and availability, such as remote code execution via the buffer overflow.
Mitigation details and additional technical information are referenced in advisories from VulDB at https://vuldb.com/?ctiid.322049, https://vuldb.com/?id.322049, and https://vuldb.com/?submit.640422, a GitHub repository at https://github.com/physicszq/Routers/tree/main/tmp/02, and the vendor site at https://www.tenda.com.cn/.
Details
- CWE(s)