What is CVE-2025-7914?

CVE-2025-7914 is a high-severity vulnerability in Tenda Ac6, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.8/10. Published 2025-07-21.

How severe is CVE-2025-7914?

High severity. CVSS v3 base score is 8.8 out of 10.

Buffer overflow in Tenda Ac6

CVE-2025-7914

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be la…

Vulnerability class: Buffer Overflow

EPSS: 0.011 (78.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R.

Affected products

Tenda Ac6 — versions 15.03.06.50

Weakness classification (CWE)

References

VDB-317029 | Tenda AC6 httpd setparentcontrolinfo buffer overflow (vdb-entry, technical-description)
VDB-317029 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #618859 | Tenda AC6 V2.0 V15.03.06.50 Buffer Overflow (third-party-advisory)
github.com/gaochen61/IoTVuln/blob/main/Tenda_AC6_V15.03.06.50/setparentcontroli… (related)
www.tenda.com.cn/ (product)

Frequently asked questions

What is CVE-2025-7914?: CVE-2025-7914 is a high-severity vulnerability in Tenda Ac6, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.8/10. Published 2025-07-21.
How severe is CVE-2025-7914?: High severity. CVSS v3 base score is 8.8 out of 10.