What is CVE-2025-25664?

A critical stack overflow vulnerability has been identified in Tenda AC8 firmware version 16.03.34.06. This vulnerability poses significant risks to organizations, necessitating immediate attention and remediation efforts.

What is the severity of CVE-2025-25664?

CVE-2025-25664 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2025-25664 | Critical Vulnerability in Tenda AC8 Firmware

On February 20, 2025, a critical vulnerability was discovered in Tenda AC8 firmware version 16.03.34.06. This vulnerability allows an attacker to exploit a stack overflow via the shareSpeed parameter in the sub_49E098 function. With a CVSS score of 9.8, this vulnerability is classified as critical, indicating its severe nature and potential impact on affected systems.

The severity of this vulnerability is underscored by its potential to cause high confidentiality, integrity, and availability impacts. Organizations utilizing the affected firmware should understand the urgency of addressing this vulnerability to mitigate the risk of exploitation.

Currently, there are no known exploits, and it has not been classified as actively exploited in the wild. However, organizations must remain vigilant and proactive in their security measures, as the potential for exploitation exists.

Organizations should prioritize patching immediately to minimize exposure to this vulnerability. Implementing security controls and monitoring for any unusual activity can further enhance defense against potential attacks.

Vulnerability Details

The vulnerability described in CVE-2025-25664 is attributed to a stack overflow in the Tenda AC8 firmware. The vulnerability's CVSS score of 9.8 indicates its critical nature, characterized by a low attack complexity and no privileges required for exploitation.

The affected component is the ac8_firmware, specifically version 16.03.34.06. The vulnerability was disclosed on February 20, 2025, and falls under the CWE classifications of CWE-787 (Out-of-bounds Write) and CWE-120 (Buffer Copy without Checking Size of Input).

Technical Analysis

The root cause of this vulnerability stems from improper handling of the shareSpeed parameter, which leads to a stack overflow condition. Attackers could exploit this vulnerability remotely, given its attack vector of NETWORK.

The attack complexity is low, requiring no privileges or user interaction. Successful exploitation may lead to severe impacts on confidentiality, integrity, and availability, highlighting the critical nature of this vulnerability.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data and disruption of services. The critical severity of this vulnerability necessitates immediate action from organizations to patch affected systems and secure their networks.

The blast radius of this vulnerability is significant given its potential to affect multiple systems if left unaddressed. Organizations should assess their exposure and prioritize remediation efforts according to their risk assessment and security posture.

Due to its critical nature, organizations should prioritize patching immediately. Continuous monitoring and reviewing security policies can help mitigate potential exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The only affected version of Tenda's firmware is 16.03.34.06. All versions prior to vendor patch are susceptible to this vulnerability.

Mitigation & Remediation

Organizations should update to the latest firmware version provided by Tenda to remediate this vulnerability. If a patch is not immediately available, consider implementing configuration hardening and network controls to limit access to vulnerable components.

Additional measures include conducting regular security assessments, such as penetration testing, to identify and address similar vulnerabilities.

Detection Guidance

Monitor logs for unusual behavior, particularly around the shareSpeed parameter. Behavioral anomalies may indicate attempts to exploit this vulnerability. Additionally, maintain vigilance for any unexpected changes to system configurations or performance.

AppSecure Threat Intelligence Insight

This vulnerability illustrates the ongoing challenges faced by organizations in securing their network devices. Security teams should prioritize understanding their device configurations and the potential risks associated with them.

Regularly reviewing and updating security policies, alongside implementing proactive security measures, will fortify defenses against similar vulnerabilities in the future.

For further insights, organizations are encouraged to explore vulnerability management programs and assess their security posture comprehensively.

Engaging in continuous training and awareness initiatives will also empower teams to respond effectively to emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-25664: Critical Vulnerability in Tenda AC8 Firmware