CVE-2025-25505 – A buffer overflow vulnerability in Tenda AC6 ro... (How to Fix)

Q: What is the severity of CVE-2025-25505?

CVE-2025-25505 has a CVSS score of 6.5 (MEDIUM). A buffer overflow vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code or cause denial of service by sending specially crafted requests to the affected function. This affects users running Tenda AC6 routers with firmware version 15.03.05.16_multi. The vulnerability is in the sub_452A4 function which handles certain callback operations.

📋 TL;DR

A buffer overflow vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code or cause denial of service by sending specially crafted requests to the affected function. This affects users running Tenda AC6 routers with firmware version 15.03.05.16_multi. The vulnerability is in the sub_452A4 function which handles certain callback operations.

💻 Affected Systems

Products:

Tenda AC6

Versions: 15.03.05.16_multi

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific firmware version mentioned. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence installation, and lateral movement to connected networks.

🟠

Likely Case

Denial of service causing router crashes and network disruption, potentially requiring physical reset.

🟢

If Mitigated

Limited impact with proper network segmentation and firewall rules blocking external access to router management interfaces.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and this vulnerability can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Detailed exploit analysis and proof-of-concept code is publicly available in the GitHub repository. The vulnerability requires sending crafted requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for AC6 model. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network segments only

🧯 If You Can't Patch

Replace affected routers with different models or brands
Implement strict firewall rules blocking all external access to router management ports (typically 80, 443, 8080)

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or System Tools > Firmware Upgrade. If version is exactly 15.03.05.16_multi, the device is vulnerable.

Check Version:

curl -s http://router-ip/status.asp | grep -i firmware || Check web interface manually

Verify Fix Applied:

After updating firmware, verify the version number has changed from 15.03.05.16_multi to a newer version.

📡 Detection & Monitoring

Log Indicators:

Multiple failed requests to router management interface
Router reboot events without user action
Unusual traffic patterns to router IP on management ports

Network Indicators:

Unusual HTTP POST requests to router endpoints
Traffic patterns matching known exploit payloads
Multiple connection attempts to router management ports from external IPs

SIEM Query:

source="router_logs" AND ("reboot" OR "crash" OR "buffer") OR dest_ip="router_ip" AND (dest_port=80 OR dest_port=443 OR dest_port=8080) AND http_method="POST" AND size>1000

📊 Metadata

CVE ID: CVE-2025-25505

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-120

EPSS Score: 0.14% exploit probability (34.4th percentile)

Published: February 21, 2025

Last Updated: April 10, 2025

🔗 References

https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_getRootStatus_callback_overflow/detail.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25505, you might also want to check these: