How to fix CVE-2025-5863?

Within 24 hours: Inventory all Tenda AC5 devices and isolate affected units from production networks if possible; disable remote management access. Within 7 days: Contact Tenda for patch availability and interim guidance; implement network segmentation to limit router access scope. Within 30 days: Evaluate replacement with alternative router vendors; deploy WAF rules blocking POST requests to /goform/SetRebootTimer; conduct network forensics for signs of exploitation.

Is Ac5 Firmware affected by CVE-2025-5863?

A critical remote code execution vulnerability affects Tenda AC5 routers (firmware 15.03.06.47) with no available patch. Attackers can exploit this without authentication to gain full device control, potentially compromising network security and data.

CVE-2025-5863

EUVD-2025-17437 HIGH

2025-06-09 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17437

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

PoC Detected

Jun 09, 2025 - 19:02 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 06:15 nvd

HIGH 8.8

Description

A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical stack-based buffer overflow vulnerability exists in Tenda AC5 router firmware version 15.03.06.47, affecting the rebootTime parameter in the /goform/SetRebootTimer endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploitation code is available, and the vulnerability has been disclosed, increasing real-world exploitation risk.

Technical Context

The vulnerability is a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the formSetRebootTimer function of the Tenda AC5 router's web management interface. The router's HTTP form handler at /goform/SetRebootTimer fails to properly validate the length of the 'rebootTime' parameter before copying it into a fixed-size stack buffer. This allows an attacker to write beyond allocated memory boundaries, overwriting the stack frame including return addresses and local variables. The affected CPE is likely cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*. Tenda AC5 is a budget wireless router running proprietary firmware based on Linux kernel, commonly used in small office/home office (SOHO) environments.

Affected Products

AC5 (['15.03.06.47'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +44

POC: +20

CVE-2025-5863 vulnerability details – vuln.today

Back

CVE-2025-5863

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5863

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code