Cyber Posture

CVE-2025-12265

HighPublic PoC

Published: 27 October 2025

Published
27 October 2025
Modified
24 February 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 32.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-12265 is a buffer overflow vulnerability in Tenda CH22 firmware version 1.0.0.1. The flaw affects the fromVirtualSer function in the /goform/VirtualSer file, where manipulation of the page argument triggers the overflow. Published on 2025-10-27, it is associated with CWE-119 and CWE-120.

The vulnerability enables remote exploitation requiring low privileges (PR:L), network access (AV:N), low attack complexity (AC:L), and no user interaction (UI:N). With a CVSS v3.1 base score of 8.8 (S:U/C:H/I:H/A:H), attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution.

Advisories reference VulDB entries (ctiid.329936, id.329936, submit.674012) and a GitHub issue at QIU-DIE/CVE/issues/18, where the exploit has been publicly disclosed and could be used for attacks. The Tenda vendor site is listed at www.tenda.com.cn.

The exploit availability heightens the risk for exposed Tenda CH22 devices.

Details

CWE(s)
CWE-119CWE-120

Affected Products

tenda
ch22 firmware
1.0.0.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow vulnerability in the unauthenticated web management interface (/goform/VirtualSer) of the Tenda CH22 router enables remote exploitation for arbitrary code execution or denial of service, directly facilitating exploitation of a public-facing application.

References