What is the CVSS score of CVE-2025-69765?

CVE-2025-69765 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.3%.

Which versions of Ax3 Firmware are affected by CVE-2025-69765?

Tenda AX3 routers running firmware v16.03.12.11 are vulnerable to remote code execution through a stack overflow vulnerability, allowing unauthenticated attackers to gain full control of affected…

Is there a public PoC exploit available for CVE-2025-69765?

Yes, a public proof-of-concept exploit is available for CVE-2025-69765. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-69765?

Within 24 hours: Inventory all Tenda AX3 devices in production and identify firmware versions; isolate or disable affected units if v16.03.12.11 is confirmed. Within 7 days: Check Tenda's security advisories for firmware updates or workarounds; implement network segmentation to limit device access; monitor for suspicious traffic patterns. Within 30 days: Replace affected Tenda AX3 devices with vendor-supported alternatives or upgrade to patched firmware once available; conduct forensic analysis of affected devices for signs of compromise.

Ax3 Firmware CVE-2025-69765

HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-03 cve@mitre.org

RCE Memory Corruption Stack Overflow Tenda Ax3 Firmware

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 04, 2026 - 14:04 vuln.today

Public exploit code

CVE Published

Mar 03, 2026 - 18:16 nvd

HIGH 7.5

DescriptionNVD

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.

AnalysisAI

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]

Technical ContextAI

Classified as CWE-121 (Stack-based Buffer Overflow). Affects the formGetIptv component of Ax3 Firmware. Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-69765 vulnerability details – vuln.today

Back

Ax3 Firmware CVE-2025-69765

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code