CVE-2025-25632
Published: 05 March 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Security Summary
CVE-2025-25632 is a command injection vulnerability (CWE-77) affecting Tenda AC15 routers running firmware version v15.03.05.19. The flaw resides in the handler function of the /goform/telnet endpoint, enabling attackers to inject and execute arbitrary operating system commands. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and severe impacts on confidentiality, integrity, and availability.
Remote, unauthenticated attackers can exploit this vulnerability by sending specially crafted requests to the affected endpoint. Successful exploitation grants attackers the ability to execute arbitrary commands on the device with elevated privileges, potentially leading to full router compromise, data exfiltration, persistent access, or use as a pivot for further network attacks.
A detailed proof-of-concept and analysis is available in the referenced advisory at https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md, which security practitioners should review for reproduction steps and potential workarounds, as no official patches are detailed in available information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability in the public-facing web handler (/goform/telnet) on the Tenda AC15 router enables remote exploitation of a public-facing application and facilitates arbitrary command execution akin to network device CLI access.