CVE-2025-11325
Published: 06 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11325 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting the Tenda AC18 router on firmware version 15.03.05.19(6318). The issue resides in an unknown functionality of the /goform/fast_setting_pppoe_set file, where manipulation of the Username argument triggers the overflow. Published on 2025-10-06, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by attackers possessing low privileges, with low attack complexity and no requirement for user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on affected devices.
Advisories on VulDB (ctiid.327208, id.327208, submit.664527) document the issue, while a proof-of-concept exploit is publicly available on GitHub at noahze01/IoT-vulnerable/Tenda/AC18/fast_setting_pppoe_set.md. The Tenda website (tenda.com.cn) provides a contact point for vendor guidance on patches or mitigations.
The public release of the exploit heightens the risk of real-world attacks against unpatched Tenda AC18 devices.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remotely exploitable stack-based buffer overflow in the public-facing web interface (/goform/fast_setting_pppoe_set) of the Tenda AC18 router, enabling exploitation of a public-facing application.