CVE-2025-25675

9.8 CRITICAL

📋 TL;DR

This CVE describes a command injection vulnerability in Tenda AC10 routers that allows remote attackers to execute arbitrary commands with root privileges. Attackers can exploit this by sending specially crafted POST requests to the vulnerable formexeCommand function. All users running affected firmware versions are at risk.

💻 Affected Systems

Products:
  • Tenda AC10
Versions: V1.0 firmware V15.03.06.23
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only specific firmware version confirmed vulnerable; other versions may also be affected but not verified.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent backdoors, intercept all network traffic, pivot to internal networks, or brick the device.

🟠 Likely Case

Attackers gain full control of the router to modify DNS settings, intercept credentials, deploy malware to connected devices, or join botnets.

🟢 If Mitigated

With proper network segmentation and access controls, the impact is limited to the router itself, without lateral movement to other systems.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the vulnerability can be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - If internet access is blocked, attackers would need initial network access, but exploitation remains straightforward.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept is available in a GitHub repository; exploitation requires a single HTTP POST request carrying a command injection payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Check the Tenda website for firmware updates
2. Download the latest firmware for AC10 V1.0
3. Log into the router admin interface
4. Navigate to System Tools > Firmware Upgrade
5. Upload and apply the new firmware

🔧 Temporary Workarounds

Block External Access to Admin Interface

Configure the firewall to block WAN access to the router admin interface (typically port 80/443). Match on the WAN-facing interface so that administration from the LAN keeps working; as written without an interface match, the rules would drop admin traffic from every side. WAN_IF is a placeholder for the actual WAN interface name.

WAN_IF=eth0   # placeholder: substitute the real WAN interface name
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j DROP
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 443 -j DROP

Disable Remote Management

Turn off remote management feature in router settings

🧯 If You Can't Patch

  • Isolate router in separate VLAN with strict firewall rules
  • Replace with different router model that receives security updates

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify that the firmware version is newer than V15.03.06.23, then test with known exploit payloads.
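The version check above is a manual curl and grep. The following script is an added example for this page (not Tenda tooling) that parses Tenda-style version strings, compares a reported version with the affected V15.03.06.23 from this page, and pulls a version token out of raw status output without assuming a particular field name (the page greps for "version" rather than naming one). Because the page confirms only the one version as vulnerable, anything older is reported as unverified rather than safe. The JSON sample and its field name are constructed.

```python
"""Compare a Tenda-style firmware version with the affected version named on this page.
Added example, not vendor tooling. Only V15.03.06.23 is confirmed vulnerable on the page,
so older versions are reported as unverified rather than safe."""
import re

AFFECTED_VERSION = "V15.03.06.23"   # from this page
# A version-looking token: optional V/v, then at least three dot-separated numbers.
VERSION_TOKEN = re.compile(r"[Vv]?\d+(?:\.\d+){2,}")


def parse_version(text: str):
    """'V15.03.06.23' -> (15, 3, 6, 23); the leading V/v is optional."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1 as a is older than, equal to, or newer than b.
    Shorter tuples are zero-padded so 15.3.6.23 == 15.03.06.23.0."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa += (0,) * (n - len(pa))
    pb += (0,) * (n - len(pb))
    return (pa > pb) - (pa < pb)


def extract_version(status_text: str):
    """Return the first version-looking token in raw status output, or None."""
    m = VERSION_TOKEN.search(status_text)
    return m.group(0) if m else None


def assess(reported: str) -> str:
    """Classify a reported firmware version against the page's affected version."""
    c = compare_versions(reported, AFFECTED_VERSION)
    if c == 0:
        return "confirmed-vulnerable"
    if c > 0:
        return "newer-than-affected"
    return "older-unverified"


if __name__ == "__main__":
    # Constructed sample of status output; the field name is a guess, which is why
    # extract_version() does not depend on it.
    sample = '{"firmware_version":"V15.03.06.23","uptime":1234}'
    found = extract_version(sample)
    print(found, assess(found))
```

Feed the script whatever the status endpoint returns (for example, the output of the curl command above) and act on "confirmed-vulnerable" and "older-unverified" alike until the vendor states otherwise.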

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /goform/execCommand with unusual parameters
  • System logs showing unexpected command execution
  • Failed authentication attempts to admin interface

Network Indicators:

  • Unusual outbound connections from router
  • DNS queries to suspicious domains
  • Traffic patterns indicating command and control communication

SIEM Query:

source="router.log" AND ("execCommand" OR "cmdinput") AND method="POST"
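The log indicators and the SIEM query above both key on POST requests to the execCommand endpoint and on the cmdinput parameter. The script below is an added example for this page (not vendor or project code) that applies that logic to log lines offline: it parses a simple constructed access-log format, flags every POST to /goform/execCommand, raises the severity when the decoded cmdinput value contains shell metacharacters, and records whether the client address lies outside the RFC 1918 LAN ranges (an assumed definition of "internal"). The log format and all sample lines are constructed for illustration.

```python
"""Flag the POST-to-execCommand pattern this page lists as a log indicator.
Added example for this page, not vendor code. The line format, the LAN definition
and every sample line below are constructed for illustration."""
import ipaddress
import re
from urllib.parse import parse_qs

# Constructed sample lines: "<client-ip> <method> <path> <status> <url-encoded-body-or-dash>"
SAMPLE_LOG = """\
10.0.0.5 GET /goform/getStatus 200 -
203.0.113.7 POST /goform/execCommand 200 cmdinput=ping+127.0.0.1%3Bls
10.0.0.5 POST /goform/execCommand 200 cmdinput=ping+127.0.0.1
198.51.100.9 POST /goform/execCommand 500 cmdinput=ping+127.0.0.1%7Cuname
10.0.0.8 POST /goform/SetSysTime 200 time=2025-01-01
"""

LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<body>.*)$"
)
SUSPECT_PATH = "/goform/execCommand"   # endpoint named on this page
SUSPECT_PARAM = "cmdinput"             # parameter named in the page's SIEM query
# Characters that chain or substitute commands in a POSIX shell.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")
# Assumed LAN definition: RFC 1918 space. (Deliberately not ipaddress.is_private,
# which also treats documentation ranges such as 203.0.113.0/24 as private.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line: str):
    """Return a dict of fields, or None when the line does not match the constructed format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec: dict):
    """'high' when the command parameter carries shell metacharacters, 'medium' for any
    other POST to the endpoint, None for everything else."""
    if rec["method"] != "POST" or rec["path"] != SUSPECT_PATH:
        return None
    params = parse_qs(rec["body"], keep_blank_values=True)   # decodes %XX and '+'
    value = " ".join(params.get(SUSPECT_PARAM, []))
    return "high" if SHELL_META.search(value) else "medium"


def is_external(src: str) -> bool:
    """True when the client address is outside the assumed LAN ranges or unparsable."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def scan(log_text: str):
    """Return one alert dict per suspicious record, in log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        severity = classify(rec)
        if severity is None:
            continue
        alerts.append({"src": rec["src"], "severity": severity,
                       "external": is_external(rec["src"]), "status": rec["status"]})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the constructed sample the script produces three alerts: two "high" hits from non-LAN addresses whose cmdinput decodes to a chained command, and one "medium" hit for a plain ping issued from the LAN, which is what the admin UI would normally send. Adapt LINE_RE to the real log source; the classification logic stays the same.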
