Shadow File Vulnerability in Tenda Networking Products
CVE-2025-15371

8.5HIGH

Key Information:

Vendor

Tenda
Status
I24
4g03 Pro
4g05
4g08
Vendor
CVE Published:
31 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-15371?

A serious vulnerability affecting Tenda networking products has been identified in the Shadow File component. This flaw allows local attackers to gain unauthorized access due to the presence of hard-coded credentials. Disclosed publicly, the vulnerability highlights the need for immediate action to secure affected devices, including models such as Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, and TEG5328F. Users are advised to check for updates and secure their systems to mitigate potential risks.

Affected Version(s)

4G03 Pro 1.0.0.35

4G03 Pro 3.0.0.8(4008)

4G03 Pro 04.03.01.49

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15371 - Proof of Concept

References

https://vuldb.com/?id.339075
vdb-entrytechnical-description
https://vuldb.com/?ctiid.339075
signaturepermissions-required
https://vuldb.com/?submit.727155
third-party-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

vlun-1 (VulDB User)
JSON
.
CVE-2025-15371 : Shadow File Vulnerability in Tenda Networking Products