CVE-2025-5862 – A critical buffer overflow vulnerability in Ten... (How to Fix)

Q: What is the severity of CVE-2025-5862?

CVE-2025-5862 has a CVSS score of 8.8 (HIGH). A critical buffer overflow vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary code by manipulating the PPTP user list function. This affects Tenda AC7 routers running firmware version 15.03.06.44. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A critical buffer overflow vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary code by manipulating the PPTP user list function. This affects Tenda AC7 routers running firmware version 15.03.06.44. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda AC7

Versions: 15.03.06.44

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface's PPTP configuration function. Devices with default configurations are vulnerable.

📦 What is this software?

Ac7 Firmware by Tenda

View all CVEs affecting Ac7 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, enabling attackers to install malware, pivot to internal networks, or create persistent backdoors.

🟠

Likely Case

Remote code execution resulting in device takeover, allowing attackers to intercept network traffic, modify router settings, or launch attacks against internal systems.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal attacks remain possible if the exploit reaches the device.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details are available, making weaponization likely. The vulnerability requires no authentication and has low exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: No

Instructions:

Check Tenda's official website for firmware updates. If available, download the latest firmware and apply it through the router's web interface under System Tools > Firmware Upgrade.

🔧 Temporary Workarounds

Disable PPTP VPN

all

Disable the PPTP VPN feature if not required, as the vulnerability is in the PPTP user list function.

Restrict Management Interface Access

all

Configure firewall rules to restrict access to the router's web management interface (typically port 80/443) to trusted IP addresses only.

🧯 If You Can't Patch

Isolate affected routers in a separate network segment with strict access controls.
Implement network monitoring and intrusion detection for suspicious traffic to the router's management interface.

🔍 How to Verify

Check if Vulnerable:

Check the router's firmware version via the web interface (typically under System Status or System Tools). If the version is 15.03.06.44, the device is vulnerable.

Check Version:

No CLI command available; check via web interface at http://[router-ip]/

Verify Fix Applied:

After updating firmware, verify the version has changed from 15.03.06.44 to a newer version.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setPptpUserList with large payloads
Failed authentication attempts or unexpected configuration changes

Network Indicators:

Suspicious HTTP traffic to router's IP on port 80/443 with POST requests to vulnerable endpoint
Unexpected outbound connections from the router

SIEM Query:

http.method:POST AND http.uri:"/goform/setPptpUserList" AND (bytes_out:>1000 OR user_agent:unusual)

📊 Metadata

CVE ID: CVE-2025-5862

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.2% exploit probability (41.8th percentile)

Published: June 9, 2025

Last Updated: June 9, 2025

🔗 References

https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link Exploit,Third Party Advisory
https://vuldb.com/?ctiid.311621 Permissions Required
https://vuldb.com/?id.311621 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.591980 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5862, you might also want to check these: