CVE 8.7 HIGH

Tenda CH22 VirtualSer fromVirtualSer buffer overflow_CVE-2025-12265

October 27, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

AI Analysis

Buffer overflow vulnerability in Tenda CH22 1.0.0.1 due to manipulation of the argument page in the fromVirtualSer function, allowing remote exploitation.

Basic Information

ID CVE-2025-12265

Source VulDB

Published Oct 27, 2025 at 11:02

Modified Oct 27, 2025 at 12:14

Affected Product

Vendor Tenda

Product CH22

Version 1.0.0.1

Affected Versions Tenda CH22 1.0.0.1

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product CH22

Version 1.0.0.1

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.",
    "published": "2025-10-27T11:02:07.933Z",
    "modified": "2025-10-27T12:14:52.668Z",
    "type": "cve",
    "title": "Tenda CH22 VirtualSer fromVirtualSer buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329936\nhttps://vuldb.com/?ctiid.329936\nhttps://vuldb.com/?submit.674012\nhttps://github.com/QIU-DIE/CVE/issues/18\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12265",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda CH22 1.0.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CH22",
    "version": "1.0.0.1",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda CH22 1.0.0.1 due to manipulation of the argument page in the fromVirtualSer function, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "CH22",
    "ai_version": "1.0.0.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply