CVE-2025-44890: n/a

Critical
Published: Tue May 20 2025 (05/20/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function.

AI-Powered Analysis

Last updated: 07/06/2025, 05:10:35 UTC

Technical Analysis

CVE-2025-44890 is a critical security vulnerability identified in the firmware version FW-WGS-804HPT v1.305b241111. The vulnerability is a stack-based buffer overflow occurring in the function web_snmp_notifyv3_add_post, specifically triggered via the host_ip parameter. A stack overflow (CWE-121) happens when a program writes more data to a buffer located on the stack than it can hold, potentially overwriting adjacent memory and leading to arbitrary code execution, denial of service, or system compromise. This vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality, integrity, and availability is rated high, with a CVSS score of 9.8 out of 10, reflecting the critical nature of this flaw. Exploiting this vulnerability could allow attackers to execute arbitrary code with the privileges of the affected device, potentially leading to full device compromise, interception or manipulation of SNMP notifications, and disruption of network management operations. Although no known exploits are currently reported in the wild, the ease of exploitation and severity suggest that attackers may develop exploits rapidly. The affected product is identified only as FW-WGS-804HPT firmware version 1.305b241111, with no vendor or broader product family specified, which complicates precise identification of impacted devices. The vulnerability was published on May 20, 2025, with the initial reservation date on April 22, 2025. No patches or mitigation links are currently available, indicating that affected organizations must implement interim protective measures until official fixes are released.
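The class of defect described above, shown from the fix side. This is an added example, not code from the affected firmware: the helper name copy_host_ip, its status codes, and the assumption that host_ip carries a literal IPv4 or IPv6 address are all hypothetical. It validates the untrusted value's length and syntax before it reaches a fixed-size stack buffer.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Longest textual IPv4/IPv6 address including the NUL terminator (46 bytes). */
#define HOST_IP_MAX INET6_ADDRSTRLEN

enum host_ip_status { HOST_IP_OK, HOST_IP_MISSING, HOST_IP_TOO_LONG, HOST_IP_INVALID };

/* Hypothetical helper: copy an untrusted host_ip form value into dst only
 * after checking its length and that it parses as an IP address literal. */
enum host_ip_status copy_host_ip(const char *value, char *dst, size_t dst_len)
{
    unsigned char addr[sizeof(struct in6_addr)];
    const char *end;
    size_t n;

    if (value == NULL || dst == NULL || dst_len == 0)
        return HOST_IP_MISSING;
    dst[0] = '\0';                       /* dst is always a valid string on return */

    /* Bounded search for the terminator: oversized input is rejected, not truncated. */
    end = memchr(value, '\0', HOST_IP_MAX);
    if (end == NULL)
        return HOST_IP_TOO_LONG;
    n = (size_t)(end - value);
    if (n == 0)
        return HOST_IP_MISSING;
    if (n >= dst_len)
        return HOST_IP_TOO_LONG;

    /* Syntax check: accept only literal IPv4 or IPv6 addresses. */
    if (inet_pton(AF_INET, value, addr) != 1 && inet_pton(AF_INET6, value, addr) != 1)
        return HOST_IP_INVALID;

    memcpy(dst, value, n + 1);           /* n + 1 <= dst_len was checked above */
    return HOST_IP_OK;
}

int main(void)
{
    char host[HOST_IP_MAX];              /* fixed-size stack buffer, as in a request handler */
    const char *sample = "192.0.2.10";   /* constructed sample value */
    enum host_ip_status rc = copy_host_ip(sample, host, sizeof host);
    printf("%d %s\n", (int)rc, host);
    return 0;
}
```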

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on the FW-WGS-804HPT device or similar network infrastructure components for SNMP-based network management. Successful exploitation could lead to unauthorized control over network devices, disruption of network monitoring and management, and potential lateral movement within corporate networks. This could result in data breaches, operational downtime, and compromised network integrity. Critical infrastructure sectors such as telecommunications, energy, and finance, which often depend on SNMP for device monitoring, could be particularly affected. The lack of authentication and user interaction requirements means that attackers can launch attacks remotely and stealthily, increasing the threat to enterprise and industrial networks across Europe. Additionally, the high severity and potential for full device compromise elevate the risk of cascading failures in interconnected network environments.

Mitigation Recommendations

Given the absence of an official patch, European organizations should immediately undertake the following specific mitigation steps:

1) Identify and inventory all devices running FW-WGS-804HPT firmware version 1.305b241111 or related variants to assess exposure.
2) Restrict network access to the affected devices by implementing strict firewall rules that limit SNMP traffic and web management interface access only to trusted management stations and IP addresses.
3) Disable SNMPv3 notification features or the vulnerable web_snmp_notifyv3_add_post functionality if possible, or disable SNMP entirely on devices not requiring it.
4) Monitor network traffic for anomalous SNMP requests or unexpected web interface activity targeting the host_ip parameter.
5) Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential exploitation attempts.
6) Engage with the device vendor or firmware provider to obtain patches or firmware updates as soon as they become available.
7) Plan for rapid deployment of patches and conduct thorough testing to ensure no regression or operational impact.
8) Educate network administrators about the vulnerability and the importance of limiting exposure to management interfaces.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682ce08d4d7c5ea9f4b389ed

Added to database: 5/20/2025, 8:05:33 PM

Last enriched: 7/6/2025, 5:10:35 AM

Last updated: 7/30/2025, 4:08:12 PM
