CVE-2025-25507 — Code Injection in AC6 Firmware

CWE-94 — Code Injection3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 26.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC6 Firmware

Timeline

PublishedFeb 21

Description

There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶NVDtenda/ac6_firmware15.03.05.16_multi

🔴Vulnerability Details

CVEList

CVE-2025-25507: There is a RCE vulnerability in Tenda AC6 15↗2025-02-21

▶

GHSA

GHSA-7crh-q834-jm56: There is a RCE vulnerability in Tenda AC6 15↗2025-02-21

▶