CVE-2025-63454: n/a

Published: Fri Oct 31 2025 (10/31/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

AI-Powered Analysis

Last updated: 10/31/2025, 18:56:11 UTC

Technical Analysis

CVE-2025-63454 is a stack overflow vulnerability identified in the Tenda AX-3 router firmware version 16.03.12.10_CN. The flaw exists in the get_parentControl_list_Info function, where the deviceId parameter is improperly handled, allowing an attacker to overflow the stack. This vulnerability can be triggered remotely by sending a specially crafted request to the affected router, causing a Denial of Service (DoS) condition. The DoS results from the router crashing or rebooting, disrupting network connectivity for users. The vulnerability does not require authentication or user interaction, increasing the risk of exploitation. Although no public exploits have been reported, the nature of the vulnerability and the exposure of routers to the internet or local networks make it a credible threat. The lack of a CVSS score suggests it is a newly published vulnerability, and no official patches or mitigations have been documented yet. The Tenda AX-3 router is commonly used in home and small office environments, which could lead to widespread impact if exploited. Attackers could leverage this vulnerability to disrupt network services, potentially affecting business operations and user productivity.

Potential Impact

For European organizations, the primary impact of CVE-2025-63454 is the potential disruption of network availability due to router crashes or reboots. This can lead to loss of internet connectivity, interruption of business communications, and degradation of critical services reliant on network access. Small and medium-sized enterprises (SMEs) and home office users are particularly vulnerable, as they often use consumer-grade routers like the Tenda AX-3 without advanced security controls. Disruptions could affect remote work capabilities, VoIP communications, and access to cloud services. Additionally, repeated exploitation could be used as part of a larger denial-of-service campaign or to create network instability. While confidentiality and integrity impacts are minimal, the availability impact is significant, especially for organizations lacking redundant network infrastructure. The absence of known exploits currently limits immediate risk, but the vulnerability remains a concern for network reliability.

Mitigation Recommendations

Organizations should immediately inventory their network devices to identify any Tenda AX-3 routers running firmware version 16.03.12.10_CN. Restrict access to router management interfaces by implementing network segmentation and firewall rules to limit exposure to untrusted networks, especially the internet. Monitor network traffic for unusual or malformed requests targeting the deviceId parameter in router management APIs. Engage with Tenda support or official channels to obtain firmware updates or patches addressing this vulnerability as they become available. In the interim, consider replacing vulnerable devices with models from vendors with active security support. Employ network-level protections such as intrusion detection/prevention systems (IDS/IPS) configured to detect anomalous traffic patterns. Educate users about the risks of exposing router management interfaces and encourage disabling remote management if not required. Regularly back up router configurations to facilitate rapid recovery after a potential DoS event.
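The traffic-monitoring recommendation above, sketched as an added example that is not part of the original advisory or of any Tenda tooling: it inspects captured HTTP requests (for instance from a reverse proxy or IDS export) and flags `deviceId` values that are oversized or carry non-printable bytes. The length threshold, the `/example/endpoint` path and the `(method, url, body)` record shape are assumptions, since the advisory does not state the endpoint or the buffer size.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: the advisory gives no safe length for deviceId, so this
# threshold is a tunable placeholder, not a value taken from the firmware.
MAX_DEVICE_ID_LEN = 64

# Constructed sample records (method, url, body); the path is hypothetical.
SAMPLE_REQUESTS = [
    ("GET", "/example/endpoint?deviceId=aa:bb:cc:dd:ee:ff", ""),
    ("POST", "/example/endpoint", "deviceId=" + "A" * 300),
    ("GET", "/example/endpoint?deviceId=ab%00cd&x=1", ""),
]


def device_id_values(url, body=""):
    """Yield each decoded deviceId from the query string and a form-encoded body."""
    for source in (urlsplit(url).query, body):
        for key, value in parse_qsl(source, keep_blank_values=True):
            if key == "deviceId":
                yield value


def inspect_request(method, url, body=""):
    """Return findings for one request; an empty list means nothing was flagged."""
    findings = []
    for value in device_id_values(url, body):
        if len(value) > MAX_DEVICE_ID_LEN:
            findings.append(
                f"deviceId length {len(value)} exceeds {MAX_DEVICE_ID_LEN}")
        # Percent-decoded control bytes or invalid UTF-8 (decoded as U+FFFD)
        # do not belong in an identifier field.
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append("deviceId contains non-printable or non-ASCII bytes")
    return findings


def scan(requests):
    """Return (index, findings) for every request that raised a finding."""
    hits = []
    for index, (method, url, body) in enumerate(requests):
        findings = inspect_request(method, url, body)
        if findings:
            hits.append((index, findings))
    return hits


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS):
        print(f"request #{index}: {'; '.join(findings)}")
```

The same length and character checks can be expressed as an IDS/IPS rule once the real management endpoint and a sensible maximum for `deviceId` are confirmed on the device.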

Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6905063d8e4e3116979314c7

Added to database: 10/31/2025, 6:55:57 PM

Last enriched: 10/31/2025, 6:56:11 PM

Last updated: 11/1/2025, 1:23:53 PM
