CVE-2025-25343
Published: 12 February 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-25343 is a buffer overflow vulnerability (CWE-120) present in the formexeCommand function of the Tenda AC6 V15.03.05.16 firmware. Published on 2025-02-12, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.
Remote attackers can exploit this vulnerability over the network with low complexity, without requiring authentication privileges or user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution and full control over the affected router.
Mitigation details are available in the referenced advisory at https://github.com/wy876/cve/issues/4.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the formexeCommand web function via cmdinput parameter enables remote exploitation of a public-facing application (T1190), exploitation of remote services for potential RCE (T1210), and application denial of service via crash (T1499.004).