CVE-2025-11305

HighPublic PoC

Published: 05 October 2025

Published

05 October 2025

Modified

08 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0016 36.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-11305 is a buffer overflow vulnerability in UTT HiPER 840G routers up to version 3.1.1-190328. The flaw affects the strcpy function in the /goform/formTaskEdit file, where manipulation of the txtMin2 argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).

The vulnerability enables remote exploitation by an attacker with low privileges (PR:L). Per the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), exploitation over the network requires low complexity, no user interaction, and results in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution.

VulDB advisories and a related GitHub issue document the public disclosure of an exploit. The vendor was notified early but provided no response, and no patches or official mitigations are available.

The exploit has been disclosed publicly and may be actively used in the wild.

Details

CWE(s): CWE-119CWE-120

Affected Products

utt

840g firmware

≤ 3.1.1-190328

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in router web interface (/goform/formTaskEdit) enables remote low-privilege attackers to execute arbitrary code over the network, directly facilitating exploitation of public-facing applications, remote services, and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/maximdevere/CVE2/issues/3
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.327186
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.327186
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.661807
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/maximdevere/CVE2/issues/3
Exploit, Issue Tracking, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0