Vulnerability Report

CVE-2025-11325

Title: Tenda Ac18 Memory Corruption

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2025-11325.

CWE Category CWE-119

Published Date Oct 06, 2025

Modified Date Feb 24, 2026

Exploit Status Not Found

Score 7.4 CVSS v4.0

Exploit Probability (EPSS)

0.25%

Vulnerability Summary

CVE-2025-11325: A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Impacted Vendors

tenda 1

Reference Links

https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/fast_setting_pppoe_set.md https://vuldb.com/?ctiid.327208 https://vuldb.com/?id.327208 https://vuldb.com/?submit.664527 https://www.tenda.com.cn/

CVSS v4.0

Source Entity [email protected]

Severity HIGH

7.4

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

N/A

RAW VECTOR

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v3.1

Source Entity [email protected]

Severity HIGH

8.8

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:S/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2025-11325 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

February 24, 2026 MODIFIED

Vulnerability data updated via NVD.

February 24, 2026 MODIFIED

Vulnerability data updated via NVD.

October 07, 2025 MODIFIED

Vulnerability data or affected products updated.

October 06, 2025 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Stack

No specific products linked.