CVE-2025-12225
Published: 27 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. (This is the MITRE ATT&CK description of T1190, Exploit Public-Facing Application, the technique this CVE maps to; the vulnerability itself is described in the Security Summary below.)
Security Summary
CVE-2025-12225 is a stack-based buffer overflow in Tenda AC6 routers running firmware 15.03.06.50. The flaw is in the HTTP request handler for /goform/WifiGuestSet (the advisory does not identify the exact processing function) and is triggered by an overlong value supplied in the shareSpeed argument. It was published on 2025-10-27 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vector means the bug is reachable over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), but it requires low privileges (PR:L): the attacker needs a valid login to the router's web management interface before the crafted request is accepted. A successful overflow corrupts the stack frame of the HTTP handler; at minimum this crashes the web server (availability), and with a controlled overwrite of the saved return address it yields arbitrary code execution on the device, which is why confidentiality, integrity and availability are all rated high.
VulDB's advisory documents the issue and references a public proof-of-concept exploit on GitHub for the WifiGuestSet overflow. The Tenda website offers only general support resources, and none of the available references names a fixed firmware version. Until one is published, keep the web management interface unreachable from the WAN, limit which LAN hosts can reach it, make sure the admin password is not a default one (PR:L means the attacker must authenticate first), and watch for a firmware update that addresses this CVE.
With the PoC public, unpatched Tenda AC6 devices whose management interface is reachable by an attacker should be treated as at high risk of active exploitation.
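The handler pattern behind this bug class, its hardened form, and the request-level check a practitioner can put in front of the device, as an added example written for this page. It is not Tenda's firmware code: only the endpoint and parameter names come from the advisory, while the form-body layout, the 16-byte stack buffer, and the assumption that shareSpeed is a short decimal rate value are illustrative assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Tenda firmware code. Buffer size, the form layout and
 * the meaning of shareSpeed (a decimal rate limit) are assumptions. */
#define SHARESPEED_BUF 16              /* assumed fixed-size stack buffer */
#define SHARESPEED_MAX_DIGITS 7        /* assumed: legitimate values never exceed 7 digits */
#define SHARESPEED_MAX_VALUE 1000000L  /* assumed upper bound for the rate */

/* Find key in an application/x-www-form-urlencoded body. Copies at most
 * outlen-1 bytes into out and returns the FULL value length, so a caller
 * can detect truncation; returns -1 if the key is absent. */
static long form_get(const char *body, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (out && outlen) {
                size_t n = vlen < outlen - 1 ? vlen : outlen - 1;
                memcpy(out, v, n);
                out[n] = '\0';
            }
            return (long)vlen;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return -1;
}

/* Vulnerable shape (CWE-121): the value is scanned into a fixed stack buffer
 * with no width limit, so SHARESPEED_BUF or more bytes overwrite the frame.
 * Calling this with such input is undefined behaviour; it is here only to
 * show the pattern being fixed. */
static int wifi_guest_set_vulnerable(const char *body)
{
    char speed[SHARESPEED_BUF];
    const char *v = strstr(body, "shareSpeed=");
    if (!v) return -1;
    v += strlen("shareSpeed=");
    if (sscanf(v, "%[^&]", speed) != 1) return -1;  /* no bound on %[^&] */
    return atoi(speed);
}

/* Hardened handler: bounded copy, length check against the legitimate
 * maximum, digits-only syntax, and a range check on the parsed value. */
static int wifi_guest_set_hardened(const char *body)
{
    char speed[SHARESPEED_BUF];
    long vlen = form_get(body, "shareSpeed", speed, sizeof speed);
    if (vlen < 1 || vlen > SHARESPEED_MAX_DIGITS) return -1;  /* absent, empty or too long */
    for (long i = 0; i < vlen; i++)
        if (!isdigit((unsigned char)speed[i])) return -1;     /* rejects "100;sh", "-1", ... */
    errno = 0;
    long val = strtol(speed, NULL, 10);
    if (errno != 0 || val > SHARESPEED_MAX_VALUE) return -1;
    return (int)val;
}

/* Request-level check for a reverse proxy, IDS rule or WAF in front of the
 * device: a WifiGuestSet request whose shareSpeed is longer than any
 * legitimate value, or not purely numeric, is treated as an overflow attempt. */
static int wifi_guest_set_is_suspicious(const char *path, const char *body)
{
    if (strcmp(path, "/goform/WifiGuestSet") != 0) return 0;
    char speed[SHARESPEED_MAX_DIGITS + 1];
    long vlen = form_get(body, "shareSpeed", speed, sizeof speed);
    if (vlen < 0) return 0;                      /* parameter not present */
    if (vlen > SHARESPEED_MAX_DIGITS) return 1;  /* oversized value */
    for (long i = 0; i < vlen; i++)
        if (!isdigit((unsigned char)speed[i])) return 1;
    return 0;
}

/* Constructed attack-shaped body: "shareSpeed=" followed by n bytes of 'A'. */
static const char *overflow_body(size_t n)
{
    static char buf[4096];
    const size_t prefix = strlen("shareSpeed=");
    if (n > sizeof buf - prefix - 1) n = sizeof buf - prefix - 1;
    memcpy(buf, "shareSpeed=", prefix);
    memset(buf + prefix, 'A', n);
    buf[prefix + n] = '\0';
    return buf;
}

int main(void)
{
    const char *benign = "ssid=guest&shareSpeed=100&timeout=60";  /* constructed */
    const char *attack = overflow_body(512);                        /* constructed */
    printf("benign: vulnerable=%d hardened=%d\n",
           wifi_guest_set_vulnerable(benign), wifi_guest_set_hardened(benign));
    printf("attack: hardened=%d suspicious=%d\n", wifi_guest_set_hardened(attack),
           wifi_guest_set_is_suspicious("/goform/WifiGuestSet", attack));
    return 0;
}
```

The hardened handler deliberately checks the full value length before looking at the buffer contents, so truncation by the bounded copy can never silently turn an oversized value into an accepted one. The detection function applies the same rule at the network edge; only the endpoint and parameter names are from the advisory, so tune the digit limit to what the device actually accepts before deploying it as a blocking rule.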
Details
- CWE(s): CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer); CWE-121 (Stack-based Buffer Overflow)
- Affected Products: Tenda AC6, firmware 15.03.06.50
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application)
Why these techniques?
The stack-based buffer overflow sits in the router's HTTP handler for /goform/WifiGuestSet, a web application served by the device, and exploiting it gives code execution on the router, which is the initial-access pattern T1190 describes. Note that on a default home deployment the management interface is reachable only from the LAN, so "public-facing" applies when remote management is enabled on the WAN side or the attacker already has a foothold on the local network.