What is the CVSS score of EUVD-2025-17362?

EUVD-2025-17362 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.5%.

Which versions of Ac5 Firmware are affected by EUVD-2025-17362?

A critical remote buffer overflow vulnerability has been publicly disclosed in Tenda AC5 routers (firmware 15.03.06.47), allowing unauthenticated attackers to execute arbitrary code without user…

Is there a public PoC exploit available for EUVD-2025-17362?

Yes, a public proof-of-concept exploit is available for EUVD-2025-17362. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate EUVD-2025-17362?

Within 24 hours: Inventory all Tenda AC5 devices running firmware 15.03.06.47 and isolate affected units from critical network segments if possible. Within 7 days: Check Tenda's security advisories for firmware updates and implement network-level mitigations (see compensating controls). Within 30 days: Replace affected devices with patched firmware versions once available, or consider alternative router vendors if Tenda does not release a patch within 60 days.

Ac5 Firmware EUVD-2025-17362

| CVE-2025-5794 HIGH

Buffer Overflow (CWE-119)

2025-06-06 cna@vuldb.com

Buffer Overflow Ac5 Firmware Tenda

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17362

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

PoC Detected

Jun 09, 2025 - 19:08 vuln.today

Public exploit code

CVE Published

Jun 06, 2025 - 19:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Technical ContextAI

CWE-119 (Buffer Overflow). CVSS 8.8 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

EUVD-2025-17362 vulnerability details – vuln.today

Back

Ac5 Firmware EUVD-2025-17362

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code