CVE-2025-12272

CWE-119Buffer OverflowCWE-120Classic Buffer Overflow4 documents4 sources
Severity
7.4HIGH
EPSS
0.4%
top 37.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ch22Tenda Ch22 Firmware
Timeline
PublishedOct 27

Description

A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ch221.0.0.1
NVDtenda/ch22_firmware1.0.0.1

🔴Vulnerability Details

2
CVEList
Tenda CH22 addressNat fromAddressNat buffer overflow2025-10-27
GHSA
GHSA-9gx4-7587-f9vg: A security flaw has been discovered in Tenda CH22 12025-10-27

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda addressNat Multiple Parameters Buffer Overflow Attempt (CVE-2025-12272)2025-06-17
CVE-2025-12272 (HIGH CVSS 7.4) | A security flaw has been discovered | cvebase.io