CVE-2025-15090

HighPublic PoC

Published: 25 December 2025

Published

25 December 2025

Modified

31 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0021 42.8th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit…

has been made public and could be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely identification, reporting, and remediation of flaws such as the buffer overflow in the strcpy function triggered by the timestart argument, directly addressing this CVE through patching or code fixes.

SI-10 Information Input Validation good match

prevent

SI-10 enforces validation of information inputs like the timestart parameter to prevent buffer overflows from remotely manipulated data in /goform/formConfigNoticeConfig.

SI-16 Memory Protection partial match

prevent

SI-16 provides memory protections such as address space layout randomization and stack canaries that mitigate exploitation of the buffer overflow for arbitrary code execution even if the input triggers it.

Security SummaryAI

CVE-2025-15090 is a buffer overflow vulnerability in UTT 进取 512W devices running versions up to 1.7.7-171114. The issue resides in the strcpy function within the /goform/formConfigNoticeConfig file, where manipulation of the timestart argument triggers the overflow. This remote vulnerability, associated with CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or system compromise. A proof-of-concept exploit has been publicly disclosed.

Advisories and additional details, including the PoC, are available on VulDB (ctiid.338419, id.338419, submit.708349) and GitHub repositories maintained by cymiao1978, which document the vulnerability and exploitation methods. No specific patches are detailed in the provided references.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

512w firmware

≤ 1.7.7-171114

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in web management interface (/goform/) of network device enables remote code execution via exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/cymiao1978/cve/blob/main/new/15.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/cymiao1978/cve/blob/main/new/15.md#poc
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.338419
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.338419
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.708349
Third Party Advisory, VDB Entry · cna@vuldb.com