Local Privilege Escalation Vulnerability in TRENDnet TEW-822DRE Firmware
CVE-2025-8758

7.3HIGH

Key Information:

Vendor: Trendnet
Status: Tew-822dre
Vendor: CVE Published:; 9 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8758?

A local privilege escalation vulnerability has been identified in the TRENDnet TEW-822DRE firmware version FW103B02. This issue pertains to a problematic component of the vsftpd server, enabling an attacker to exploit the system under least privilege conditions. While the attack requires local access, the complexity of successfully executing the exploit is noted to be high. The exploit has been publicly disclosed, posing potential risks to users who have not mitigated the issue. Despite early notifications to the vendor, there has been no response, emphasizing the urgency for affected users to review and secure their systems.

Affected Version(s)

TEW-822DRE FW103B02

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8758 - Proof of Concept

References

https://vuldb.com/?id.319263

vdb-entry

https://vuldb.com/?ctiid.319263

signaturepermissions-required

https://vuldb.com/?submit.624299

third-party-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 9, 2025
👾
Exploit known to exist
Aug 9, 2025
Vulnerability published
Aug 9, 2025
Vulnerability Reserved
Aug 8, 2025

Credit

TPCHECKER (VulDB User)

Trendnet

Badges

What is CVE-2025-8758?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit