CVE-2025-44891 is a critical stack overflow vulnerability identified in the firmware version FW-WGS-804HPT v1.305b241111. The flaw exists in the function web_snmp_v3host_add_post, specifically triggered via the host_ip parameter. A stack overflow occurs when the input data exceeds the buffer size allocated on the stack, leading to memory corruption. This vulnerability is classified under CWE-121, which pertains to stack-based buffer overflows. The CVSS v3.1 score is 9.8, indicating a critical severity level with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is remotely exploitable over the network without any privileges or user interaction, and can result in complete confidentiality, integrity, and availability compromise. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely, potentially leading to full system takeover, data theft, or disruption of services. No patches or vendor information are currently available, and no known exploits have been reported in the wild yet. The absence of vendor and product details limits precise identification, but the firmware naming suggests it may be related to network hardware or IoT devices that implement SNMP v3 host management features.

For European organizations, the impact of this vulnerability could be severe, especially for those relying on the affected firmware in critical network infrastructure or IoT deployments. Successful exploitation could lead to unauthorized remote code execution, enabling attackers to gain control over network devices, intercept or manipulate sensitive data, disrupt network operations, or use compromised devices as pivot points for further attacks within the corporate network. This could affect confidentiality by exposing sensitive information, integrity by allowing unauthorized changes, and availability by causing device or network outages. Industries such as telecommunications, manufacturing, utilities, and critical infrastructure operators in Europe could face significant operational and reputational damage. The lack of patches and public exploit code increases the urgency for proactive mitigation to prevent potential future attacks.

Given the critical nature and lack of available patches, European organizations should immediately conduct asset discovery to identify any devices running FW-WGS-804HPT v1.305b241111 or similar firmware. Network segmentation should be enforced to isolate vulnerable devices from critical systems and limit exposure to untrusted networks. Disable or restrict SNMP v3 host management interfaces where possible, especially access to the web_snmp_v3host_add_post function or related management services. Employ strict input validation and anomaly detection on network traffic to detect and block malformed SNMP requests targeting the host_ip parameter. Monitor network logs and device behavior for signs of exploitation attempts or unusual activity. Engage with vendors or firmware providers to obtain patches or updates as soon as they become available. Additionally, implement network-level protections such as firewalls and intrusion prevention systems (IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability. Regularly update and audit device firmware and configurations to minimize attack surface.