CVE-2025-9748 HIGH

CVE-2025-9748: Tenda CH22 httpd IPSECsave fromIpsecitem stack-based overflow

Vendor Tenda
Product CH22
Weakness CWE-121
Published August 31, 2025
Last update September 2, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.

Key dates

02Disclosure timeline

August 31, 2025 CVE published
September 2, 2025 Record updated