CVE Alert: CVE-2025-12595 - Tenda - AC23

CVE-2025-12595

HIGHNo exploitation known

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

CVSS v3.1 (8.8)

Vendor

Tenda

Product

AC23

Versions

16.03.07.52

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-11-02T10:02:07.134Z

Updated

2025-11-02T10:02:07.134Z

References

https://vuldb.com/?id.330890

https://vuldb.com/?ctiid.330890

https://vuldb.com/?submit.677581

https://github.com/LX-LX88/cve/issues/8

https://www.tenda.com.cn/

AI Summary Analysis

Risk verdict

High risk with a publicly available exploit; exploitation can be remote and should be treated as priority 1.

Why this matters

A remote memory corruption via a buffer overflow could allow full device compromise without user interaction, enabling attacker control and potential pivot into the internal network. The likely attacker goals include persistent presence, modification of device behaviour, and access to connected hosts or services.

Most likely attack path

Attack requires network access (no user interaction) and low privileges; attacker can send crafted input to the vulnerable function over the network.
The overflow can lead to remote code execution and complete compromise of the device, with high impact on confidentiality, integrity and availability.
Scope remains unchanged, so compromised component can directly affect connected network resources; lateral movement within the local network is plausible if the device is used as a gateway or hosts exposed services.

Who is most exposed

Devices in consumer and small business environments with WAN-facing management interfaces are most at risk; defaults or misconfigurations that allow remote administration broaden exposure across home/office networks.

Detection ideas

Unusual or crafted requests targeting the SetVirtualServerCfg endpoint and related virtual-server configuration paths.
Device reboots or crashes tied to service handling virtual server configurations.
Sudden spikes in memory/CPU usage or abnormal process activity around network services.
Public exploit signatures or known IOCs associated with this CVE appearing in telemetry.

Mitigation and prioritisation

Apply vendor patch to the affected firmware/version; prioritise patching as soon as available (treat as priority 1 due to KEV/public PoC).
If patching cannot be immediate, disable or restrict remote management (WAN access), enforce strict access controls, and implement firewall rules limiting admin interfaces to trusted subnets.
Enable network segmentation and monitor for anomalous traffic to and from the device; implement IDS/IPS rules for known exploit patterns.
Plan a change-management window for firmware upgrade and verify devices are compatible before broad deployment.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: ac23, CVE, cve-2025-12595, OSINT, tenda, threatintel