CVE-2025-25663

CWE-787Out-of-bounds WriteCWE-120Classic Buffer OverflowCWE-476NULL Pointer Dereference5 documents5 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 68.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda AC8 Firmware
Timeline
PublishedFeb 20
Latest updateOct 15

Description

A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/ac8_firmware16.03.34.06

🔴Vulnerability Details

2
GHSA
GHSA-c649-279m-q7qv: A vulnerability was found in Tenda AC8V4 V162025-02-21
CVEList
CVE-2025-25663: A vulnerability was found in Tenda AC8V4 V162025-02-20

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda WifiExtraSet wpapsk_crypto Parameter Buffer Overflow Attempt (CVE-2025-25663, CVE-2025-10838, CVE-2025-7596, CVE-2025-5799)2025-10-15

📋Vendor Advisories

1
Microsoft
TensorFlow has Null Pointer Error in TensorArrayConcatV22023-03-14
CVE-2025-25663 (CRITICAL CVSS 9.8) | A vulnerability was found in Tenda | cvebase.io