CVE-2025-7598 is a critical stack-based buffer overflow vulnerability identified in the Tenda AX1803 router, specifically in firmware version 1.0.0.1. The flaw exists in the function formSetWifiMacFilterCfg within the /goform/setWifiFilterCfg endpoint. This function processes the deviceList argument, which, when manipulated by an attacker, leads to a stack-based buffer overflow condition. This type of vulnerability allows an attacker to overwrite parts of the stack memory, potentially enabling arbitrary code execution or causing a denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, increasing its risk profile. The CVSS 4.0 base score is 8.7, indicating a high severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). Although no known exploits are currently reported in the wild, the public disclosure of the exploit code raises the likelihood of imminent exploitation. The vulnerability affects only the specified firmware version 1.0.0.1 of the Tenda AX1803 router, a device commonly used in home and small office environments for wireless networking. The absence of official patches or mitigation guidance from the vendor at this time further exacerbates the risk. Given the nature of the vulnerability, successful exploitation could allow attackers to gain control over the device, intercept or manipulate network traffic, and pivot into internal networks, posing significant security risks.

For European organizations, the exploitation of CVE-2025-7598 could have severe consequences, especially for small and medium enterprises (SMEs) and home office setups relying on Tenda AX1803 routers. Compromise of these devices could lead to unauthorized access to internal networks, interception of sensitive data, and disruption of network availability. This is particularly critical for organizations handling personal data under GDPR, as breaches could result in regulatory penalties and reputational damage. Additionally, compromised routers could be leveraged as entry points for broader attacks, including lateral movement to more critical infrastructure. The high impact on confidentiality, integrity, and availability means that sensitive communications and business operations could be severely affected. The remote and unauthenticated nature of the exploit increases the risk of widespread attacks, especially in environments where these routers are deployed without adequate network segmentation or monitoring.

Given the lack of official patches, European organizations should immediately assess their network environments for the presence of Tenda AX1803 routers running firmware version 1.0.0.1. Network administrators should isolate these devices from critical network segments and restrict remote access to the router management interfaces, ideally limiting access to trusted IP addresses or internal networks only. Implementing strict firewall rules to block access to the /goform/setWifiFilterCfg endpoint can help mitigate exploitation attempts. Network monitoring should be enhanced to detect anomalous traffic patterns or attempts to exploit this vulnerability. Organizations should also consider replacing vulnerable devices with updated hardware or firmware versions once available. Additionally, educating users about the risks and encouraging the use of VPNs or secure network configurations can reduce exposure. Finally, maintaining an inventory of network devices and applying timely updates when patches are released is essential to long-term risk management.