Cyber Posture

CVE-2025-10171

HighPublic PoC

Published: 09 September 2025

Published
09 September 2025
Modified
08 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0027 50.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10171 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 1250Gw Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly addresses the buffer overflow vulnerability by requiring timely remediation through patches, updates, or workarounds for the affected UTT 1250GW firmware versions.

SI-16 Memory Protection good match
prevent

Implements memory protection mechanisms such as ASLR and non-executable stacks to prevent successful exploitation of the buffer overflow in sub_453DC.

SI-10 Information Input Validation good match
prevent

Enforces validation of inputs to the /goform/formConfigApConfTemp endpoint to block malicious manipulation that triggers the buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in public-facing web form handler (/goform/) on network device directly enables remote exploitation of public-facing application for code execution and full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may…

more

be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-10171 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting UTT 1250GW devices running versions up to 3.2.2-200710. The issue resides in the function sub_453DC within the file /goform/formConfigApConfTemp, where manipulation triggers the overflow.

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact compromise, including unauthorized access to sensitive data, modification of system behavior, and disruption of services.

Advisories note that the vendor was contacted early regarding this issue but provided no response or patches. The exploit is publicly available and may be actively used by attackers.

Details

CWE(s)
CWE-119CWE-120

Affected Products

utt
1250gw firmware
≤ 3.2.2-200710

CVEs Like This One

CVE-2025-11355Same product: Utt 1250Gw
CVE-2025-11323Same product: Utt 1250Gw
CVE-2025-10953Same product: Utt 1250Gw
CVE-2026-2067Same vendor: Utt
CVE-2025-7570Same vendor: Utt
CVE-2025-11652Same vendor: Utt
CVE-2025-14534Same vendor: Utt
CVE-2026-2066Same vendor: Utt
CVE-2025-10757Same vendor: Utt
CVE-2025-15460Same vendor: Utt

References