CVE-2025-12234
Published: 27 October 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-12234 is a buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1. The flaw affects the fromSafeMacFilter function in the /goform/SafeMacFilter file, triggered by manipulation of the "page" argument.
The vulnerability is remotely exploitable over the network by attackers with low privileges, requiring low complexity and no user interaction. It carries a CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), enabling high impacts on confidentiality, integrity, and availability. Associated with CWE-119 and CWE-120, the exploit has been publicly disclosed and may be used.
VulDB advisories document the issue under ctiid.329904 and id.329904, with a related submission at submit.673718. A proof-of-concept is available in the GitHub repository QIU-DIE/CVE/issues/15. The vendor page at tenda.com.cn is referenced, but no specific patch or mitigation details are provided in the available sources.
The public disclosure of the exploit increases the risk of real-world attacks against affected Tenda CH22 devices.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote buffer overflow in the router's web interface (/goform/SafeMacFilter) enables exploitation of a public-facing application (T1190) for potential arbitrary code execution and denial-of-service through application crash or memory corruption (T1499.004).