Cyber Resilience

CVE-2025-10171

HighPublic PoC

Published: 09 September 2025

Published
09 September 2025
Modified
08 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0040 60.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10171 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 1250Gw Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-10171 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting UTT 1250GW devices running versions up to 3.2.2-200710. The issue resides in the function sub_453DC within the file /goform/formConfigApConfTemp, where manipulation triggers the overflow.

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact compromise, including unauthorized access to sensitive data, modification of system behavior, and disruption of services.

Advisories note that the vendor was contacted early regarding this issue but provided no response or patches. The exploit is publicly available and may be actively used by attackers.

EU & UK References

Vulnerability details

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may…

more

be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing web form handler (/goform/) on network device directly enables remote exploitation of public-facing application for code execution and full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11323Same product: Utt 1250Gw
CVE-2025-11355Same product: Utt 1250Gw
CVE-2025-10953Same product: Utt 1250Gw
CVE-2025-15459Same vendor: Utt
CVE-2025-11652Same vendor: Utt
CVE-2026-0841Same vendor: Utt
CVE-2025-11651Same vendor: Utt
CVE-2025-10757Same vendor: Utt
CVE-2026-2067Same vendor: Utt
CVE-2025-15429Same vendor: Utt

Affected Assets

utt
1250gw firmware
≤ 3.2.2-200710

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the buffer overflow vulnerability by requiring timely remediation through patches, updates, or workarounds for the affected UTT 1250GW firmware versions.

prevent

Implements memory protection mechanisms such as ASLR and non-executable stacks to prevent successful exploitation of the buffer overflow in sub_453DC.

prevent

Enforces validation of inputs to the /goform/formConfigApConfTemp endpoint to block malicious manipulation that triggers the buffer overflow.

References