CVE-2025-29462 · CRITICAL 9.8 · EPSS p35.9%

Description

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.45% probability of exploitation · percentile 35.9% · 2026-06-19T12:03:05Z
Published: 2025-04-03
Last modified: 2025-04-22

Underlying weaknesses · 1

CWE-120

References

  1. https://hackmd.io/@7QWW9EKUSNGgPWZNOHkL2w/Sk4xbvejyx

Type | Target | Confidence | Tier
Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (cwe-120) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-4567
CVE-2025-52221
CVE-2025-25343
CVE-2025-29135
CVE-2025-29384
CVE-2025-29386

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.