CVE-2025-15006

CriticalPublic PoC

Published: 22 December 2025

Published

22 December 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0019 40.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can…

be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Information input validation directly prevents the stack-based buffer overflow by enforcing bounds checking on the manipulated ipaddress argument in the HTTP request handler.

SI-16 Memory Protection good match

prevent

Memory protection safeguards such as stack canaries, ASLR, and DEP prevent unauthorized code execution from the stack buffer overflow vulnerability.

SI-2 Flaw Remediation good match

prevent

Flaw remediation requires patching the specific buffer overflow in the Tenda WH450 firmware's /goform/CheckTools to eliminate remote exploitability.

Security SummaryAI

CVE-2025-15006 is a stack-based buffer overflow vulnerability affecting the Tenda WH450 router on firmware version 1.0.0.18. The flaw exists in an unknown functionality of the /goform/CheckTools file within the HTTP Request Handler component, where manipulation of the ipaddress argument triggers the overflow.

The vulnerability enables remote exploitation with no privileges required, low attack complexity, and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

Advisories and references, including VulDB entries (ctiid.337712, id.337712) and GitHub proof-of-concept code, detail the issue but provide no specific mitigation or patch information. The public PoC demonstrates reproduction of the buffer overflow.

Notable context includes the exploit's public availability, which could facilitate attacks, with the CVE published on 2025-12-22T02:16:01.343.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

wh450 firmware

1.0.0.18

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated stack-based buffer overflow in /goform/CheckTools via ipaddress parameter enables remote exploitation of a public-facing web application on the Tenda WH450 router.

References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/CheckTools/CheckTools.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/CheckTools/CheckTools.md#reproduce
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.337712
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.337712
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.719315
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com