CVE-2025-5900

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-862 — Missing Authorization3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 67.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC9 Tenda AC9 Firmware

Timeline

PublishedJun 9

Latest updateJun 10

Description

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac915.03.02.13

▶NVDtenda/ac9_firmware15.03.2.13

🔴Vulnerability Details

GHSA

GHSA-8cxq-rp45-79vm: A vulnerability, which was classified as problematic, was found in Tenda AC9 15↗2025-06-10

▶

CVEList

Tenda AC9 cross-site request forgery↗2025-06-09

▶