See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2025-25505

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 21, 2025

CWE ID 120

Summary

CVE-2025-25505 identifies a buffer overflow vulnerability affecting the Tenda AC6 device with firmware version 15.03.05.16_multi. The sub_452A4 function in the affected system is the culprit, allowing an attacker to potentially inject malicious data that may cause the buffer to overflow, leading to unintended system behavior or crashes. Successful exploitation of this vulnerability could provide an attacker with remote code execution capabilities, posing a significant risk to network security. It is recommended that users update their Tenda AC6 firmware to a patch released by the vendor to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tenda AC6

Affected Vendors

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

Back to Vulnerability Database