CVE-2025-11652
Published: 13 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11652 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting UTT 进取 518G devices up to version V3v3.2.7-210919-161313. The flaw occurs in some unknown processing of the /goform/formTaskEdit_ap file, where manipulation of the txtMin2 argument triggers the overflow.
The vulnerability can be exploited remotely by an attacker requiring low privileges (PR:L), with network access, low attack complexity, and no user interaction. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), allowing high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or denial of service.
Advisories from VulDB and related sources note that a proof-of-concept exploit is publicly available on GitHub. The vendor was contacted early for disclosure but provided no response, and no patches or official mitigations are referenced. The exploit could be used in practice given its public status.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in public-facing web management interface (/goform/) enables remote exploitation for arbitrary code execution, directly mapping to T1190: Exploit Public-Facing Application.