What is CVE-2025-22946?

A critical stack overflow vulnerability in Tenda ac9 firmware v15.03.05.19 allows for remote arbitrary code execution. Organizations should prioritize patching immediately to mitigate risks associated with this flaw.

What is the severity of CVE-2025-22946?

CVE-2025-22946 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2025-22946 | Critical Vulnerability in Tenda ac9 Firmware

Tenda ac9 firmware v15.03.05.19 contains a critical stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. With a CVSS score of 9.8, this vulnerability poses a significant risk to organizations using affected versions of the firmware. The attack vector is classified as network, requiring no privileges or user interaction, which increases its exploitability.

Risk to organizations includes unauthorized access and control over devices, which can result in data breaches or further exploitation of networked systems. Given the critical nature of this vulnerability, organizations should prioritize patching immediately.

Currently, there are no known public exploits or proofs of concept available for this vulnerability, but the severity of its impact necessitates immediate action to secure affected systems.

Organizations should assess their exposure to this vulnerability and take appropriate steps to mitigate the associated risks.

Vulnerability Details

The vulnerability, identified as CWE-120, indicates a stack overflow condition that can be exploited through specially crafted input. The affected product is Tenda's ac9 firmware version 15.03.05.19, which is critical for device operation. The vulnerability was published on January 10, 2025, and has been classified as critical due to its CVSS score of 9.8.

Technical Analysis

The root cause of this vulnerability stems from improper handling of user input in the /goform/SetOnlineDevName function. When processing input, the function does not adequately validate buffer sizes, leading to a stack overflow.

This vulnerability can be exploited over the network, requiring no authentication or user interaction. The attack complexity is low, making it straightforward for attackers to initiate an exploit. Successful exploitation could lead to high impacts on confidentiality, integrity, and availability of the affected device and potentially the network.

Risk & Impact Analysis

Organizations that deploy Tenda ac9 firmware may face significant risks associated with the exploitation of this vulnerability. Given the critical nature of this flaw, the potential for unauthorized access to sensitive data or control over devices is a major concern.

The blast radius could extend beyond the individual device, affecting network integrity and leading to further exploitations within the organization. Urgency assessment based on the CVSS score indicates that this vulnerability should be addressed immediately, with emphasis placed on patching and mitigating exposure.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is Tenda ac9 firmware v15.03.05.19. If version information is unknown, organizations should assume all versions prior to the vendor patch are vulnerable.

Mitigation & Remediation

Organizations should apply the latest firmware updates provided by Tenda to mitigate this vulnerability. If a patch is not immediately available, consider implementing network segmentation to limit exposure of vulnerable devices. Additionally, configuration hardening should be considered to restrict access to the /goform/SetOnlineDevName endpoint.

For continuous monitoring and vulnerability management, organizations can engage in continuous penetration testing to identify similar weaknesses across their network.

Detection Guidance

Monitoring for unusual traffic patterns targeting the /goform/SetOnlineDevName endpoint can help in detecting potential attempts to exploit this vulnerability. Log indicators related to failed access attempts or unexpected behavior from the device should also be carefully analyzed.

AppSecure Threat Intelligence Insight

The identification of this vulnerability highlights ongoing security challenges faced by networked devices. Organizations must remain vigilant against similar vulnerabilities and ensure timely updates and patches are applied. This incident underscores the importance of vulnerability management programs that can adapt to evolving threats.

Furthermore, organizations should consider engaging in penetration testing to proactively identify and remediate vulnerabilities before they can be exploited.

Security teams should also learn from this incident by analyzing the patterns and conditions that led to the discovery of this vulnerability. By doing so, they can better prepare their defenses against similar threats in the future.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-22946: Critical Vulnerability in Tenda ac9 Firmware