Cyber Posture

CVE-2025-15089

HighPublic PoC

Published: 25 December 2025

Published
25 December 2025
Modified
31 December 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0021 42.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely.…

more

The exploit has been disclosed to the public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Mandates timely remediation of known flaws like this buffer overflow through patching or firmware upgrades to eliminate the vulnerability.

SI-10 Information Input Validation good match
prevent

Requires validation of untrusted inputs such as the wepkey1 argument to prevent buffer overflows from oversized or malformed data.

SI-16 Memory Protection good match
prevent

Implements memory protections like ASLR, DEP, and stack canaries to thwart exploitation of buffer overflows even if input validation fails.

Security SummaryAI

CVE-2025-15089 is a buffer overflow vulnerability affecting UTT 进取 512W router firmware versions up to 1.7.7-171114. The issue resides in the strcpy function within the /goform/APSecurity file, where manipulation of the wepkey1 argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, potentially leading to full compromise of the affected device.

Advisories and additional details, including a proof-of-concept exploit, are documented on VulDB (https://vuldb.com/?ctiid.338418, https://vuldb.com/?id.338418) and GitHub (https://github.com/cymiao1978/cve/blob/main/new/14.md, https://github.com/cymiao1978/cve/blob/main/new/14.md#poc). No specific patch or mitigation guidance is outlined in the initial disclosure.

The exploit has been publicly disclosed and may be actively used by attackers targeting vulnerable UTT 进取 512W devices.

Details

CWE(s)
CWE-119CWE-120

Affected Products

utt
512w firmware
≤ 1.7.7-171114

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in router web interface (/goform/APSecurity) exploitable remotely with low privileges for RCE/full compromise, directly facilitating public-facing application exploitation (T1190), exploitation of remote services (T1210), and privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References