CVE-2025-12273 is a buffer overflow vulnerability identified in the Tenda CH22 router firmware version 1.0.0.1. The vulnerability resides in the function fromwebExcptypemanFilter, specifically in the handling of the 'page' parameter within the /goform/webExcptypemanFilter endpoint. An attacker can remotely manipulate this argument to cause a buffer overflow condition, which may allow arbitrary code execution or cause denial of service. The vulnerability requires no authentication or user interaction, increasing its exploitability. The CVSS v4.0 score of 8.7 reflects its high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high, indicating potential full device compromise. Although no patches have been released yet and no exploitation in the wild has been confirmed, the public availability of exploit code significantly raises the threat level. The vulnerability affects only version 1.0.0.1 of the Tenda CH22, a device commonly used in small to medium enterprise and consumer network environments. The lack of segmentation or filtering on the vulnerable endpoint increases the risk of exploitation. This vulnerability could be leveraged by attackers to gain persistent access to network infrastructure, intercept or manipulate traffic, or disrupt network services.

For European organizations, exploitation of CVE-2025-12273 could lead to severe consequences including unauthorized access to internal networks, interception of sensitive data, disruption of network availability, and potential lateral movement within corporate environments. Organizations relying on Tenda CH22 routers for critical connectivity—such as small businesses, branch offices, or remote sites—may face network outages or data breaches. The compromise of these devices could also serve as a foothold for attackers targeting larger enterprise networks or critical infrastructure. Given the public availability of exploit code, the risk of automated scanning and mass exploitation campaigns is elevated. This vulnerability could impact confidentiality by exposing internal communications, integrity by allowing manipulation of network traffic or device configurations, and availability by causing device crashes or network outages. The lack of patches increases the window of exposure, making timely mitigation essential to prevent potential attacks.

1. Immediately identify and inventory all Tenda CH22 devices running firmware version 1.0.0.1 within the network. 2. Monitor vendor channels closely for official firmware updates or security advisories addressing CVE-2025-12273 and apply patches as soon as they become available. 3. Until patches are released, implement network-level protections such as firewall rules or intrusion prevention systems (IPS) to block or restrict access to the /goform/webExcptypemanFilter endpoint, especially from untrusted networks. 4. Employ network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data environments. 5. Conduct active monitoring and logging of network traffic to detect anomalous requests targeting the vulnerable endpoint. 6. Educate IT staff about the vulnerability and the importance of rapid response to any suspicious activity involving Tenda CH22 devices. 7. Consider replacing affected devices with alternative hardware if patching is not feasible within a reasonable timeframe. 8. Use vulnerability scanning tools to detect the presence of vulnerable firmware versions and verify remediation status regularly.