CVE-2025-25634 – A stack-based buffer overflow vulnerability exi... (How to Fix)

Q: What is the severity of CVE-2025-25634?

CVE-2025-25634 has a CVSS score of 6.5 (MEDIUM). A stack-based buffer overflow vulnerability exists in Tenda AC15 routers version 15.03.05.19. Attackers can exploit this by sending specially crafted requests to the GetParentControlInfo endpoint, potentially allowing remote code execution. This affects users running vulnerable firmware on Tenda AC15 routers.

📋 TL;DR

A stack-based buffer overflow vulnerability exists in Tenda AC15 routers version 15.03.05.19. Attackers can exploit this by sending specially crafted requests to the GetParentControlInfo endpoint, potentially allowing remote code execution. This affects users running vulnerable firmware on Tenda AC15 routers.

💻 Affected Systems

Products:

Tenda AC15

Versions: 15.03.05.19

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configuration when web interface is enabled.

📦 What is this software?

Ac15 Firmware by Tenda

View all CVEs affecting Ac15 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router crash/reboot causing denial of service, or limited code execution within router constraints.

🟢

If Mitigated

Denial of service only if exploit fails or controls limit impact.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices accessible via web interface.

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation appears straightforward with published details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC15. 3. Access router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Access router admin > System Tools > Remote Management > Disable

Block Access to Vulnerable Endpoint

all

Use firewall rules to block access to /goform/GetParentControlInfo

🧯 If You Can't Patch

Isolate router on separate network segment with strict firewall rules
Implement network monitoring for exploitation attempts targeting the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status. If version is 15.03.05.19, device is vulnerable.

Check Version:

Check via web interface or use: curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version has changed from 15.03.05.19 to a newer version.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/GetParentControlInfo
Router crash/reboot logs
Unusual process execution in router logs

Network Indicators:

HTTP POST requests to /goform/GetParentControlInfo with long src parameters
Unusual outbound connections from router

SIEM Query:

http.url:"/goform/GetParentControlInfo" AND http.method:POST AND http.request_body_length:>1000

📊 Metadata

CVE ID: CVE-2025-25634

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-121

EPSS Score: 0.12% exploit probability (31.2th percentile)

Published: March 5, 2025

Last Updated: April 10, 2025

🔗 References

https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19GetParentControlInfo.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25634, you might also want to check these: