CVE 8.7 HIGH

Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow_CVE-2025-12595

November 2, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

AI Analysis

Buffer overflow vulnerability in Tenda AC23 due to improper handling of the argument list in the formSetVirtualSer function, allowing remote exploitation.

Basic Information

ID CVE-2025-12595

Source VulDB

Published Nov 2, 2025 at 10:02

Affected Product

Vendor Tenda

Product AC23

Version 16.03.07.52

Affected Versions Tenda AC23 16.03.07.52

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC23

Version 16.03.07.52

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-11-02T10:02:07.134Z",
    "modified": "2025-11-02T10:02:07.134Z",
    "type": "cve",
    "title": "Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330890\nhttps://vuldb.com/?ctiid.330890\nhttps://vuldb.com/?submit.677581\nhttps://github.com/LX-LX88/cve/issues/8\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12595",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC23 16.03.07.52",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC23",
    "version": "16.03.07.52",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC23 due to improper handling of the argument list in the formSetVirtualSer function, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC23",
    "ai_version": "16.03.07.52",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply