CVE-2025-63457 is a stack-based buffer overflow vulnerability identified in the Tenda AX-1803 router firmware version 1.0.0.1. The flaw resides in the handling of the wanMTU parameter within the sub_4F55C function, where improper bounds checking allows an attacker to overflow the stack. This vulnerability can be triggered remotely by sending a specially crafted request to the device's WAN interface, without requiring any authentication or user interaction. Successful exploitation results in a Denial of Service (DoS) condition, typically causing the router to crash or reboot, thereby disrupting network availability. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow). The CVSS v3.1 base score is 6.5, reflecting a medium severity level, with the vector indicating an attack vector over the network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impact limited to availability (A:H). No patches or official fixes have been released at the time of publication, and no known exploits have been observed in the wild. The vulnerability primarily threatens network availability, which could impact business continuity and critical services relying on the affected routers. Given the widespread use of Tenda routers in small to medium enterprises and home networks, the vulnerability poses a tangible risk if exploited by attackers targeting network infrastructure.

For European organizations, the primary impact of CVE-2025-63457 is the potential disruption of network connectivity due to router crashes or reboots caused by the stack overflow. This can lead to temporary loss of internet access, interruption of business operations, and degraded performance of dependent services. Critical sectors such as healthcare, finance, and government that rely on stable network infrastructure could face operational challenges and potential safety risks. The lack of confidentiality or integrity impact reduces the risk of data breaches, but availability interruptions can still cause significant operational and reputational damage. Organizations with remote or branch offices using Tenda AX-1803 routers are particularly vulnerable to targeted DoS attacks. Additionally, the vulnerability could be leveraged as part of a larger attack campaign to cause widespread network outages or to distract from other malicious activities. The absence of known exploits in the wild currently limits immediate risk, but the medium severity score and ease of exploitation warrant proactive mitigation.

1. Immediately isolate Tenda AX-1803 routers from direct WAN exposure by placing them behind firewalls or VPN gateways to restrict unsolicited inbound traffic targeting the wanMTU parameter. 2. Implement strict network segmentation to limit the impact of any potential DoS attack on critical systems. 3. Monitor network traffic for anomalous or malformed requests directed at the router’s WAN interface, especially those attempting to manipulate MTU settings. 4. Engage with Tenda support channels to obtain firmware updates or patches as soon as they become available; prioritize testing and deployment of these updates. 5. Consider replacing vulnerable devices with alternative routers that have verified security postures if patching is delayed. 6. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting buffer overflow attack patterns targeting network devices. 7. Maintain up-to-date network device inventories to quickly identify and remediate affected hardware. 8. Educate IT staff on the specific nature of this vulnerability to enhance incident response readiness.