Cyber Posture

CVE-2025-10172

HighPublic PoC

Published: 09 September 2025

Published
09 September 2025
Modified
12 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0027 50.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10172 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 750W Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates the buffer overflow by enforcing validation of the importpictureurl argument in the /goform/formPictureUrl endpoint.

SI-16 Memory Protection good match
prevent

Implements memory safeguards like address space layout randomization and stack canaries to prevent exploitation of the buffer overflow vulnerability.

SI-2 Flaw Remediation good match
prevent

Requires timely patching or remediation of the known buffer overflow flaw in UTT 750W firmware versions up to 3.2.2-191225.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in public web endpoint (/goform/formPictureUrl) on network device enables remote code execution with no user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit…

more

has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-10172 is a buffer overflow vulnerability (CWE-119, CWE-120) in UTT 750W devices running firmware versions up to 3.2.2-191225. The flaw occurs during processing of the /goform/formPictureUrl endpoint, where manipulation of the importpictureurl argument triggers the buffer overflow condition.

The vulnerability enables remote exploitation by an attacker possessing low privileges (PR:L), with low attack complexity (AC:L) and no requirement for user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 8.8, potentially allowing arbitrary code execution or system compromise.

Advisories from VulDB and a GitHub repository detail the issue, noting that a public exploit has been published and may be actively used. The vendor was notified early about the disclosure but provided no response, and no patches or mitigations are referenced in available sources.

Details

CWE(s)
CWE-119CWE-120

Affected Products

utt
750w firmware
≤ 3.2.2-191225

CVEs Like This One

CVE-2025-13442Same product: Utt 750W
CVE-2026-2067Same vendor: Utt
CVE-2025-10953Same vendor: Utt
CVE-2025-7570Same vendor: Utt
CVE-2025-11652Same vendor: Utt
CVE-2025-14534Same vendor: Utt
CVE-2026-2066Same vendor: Utt
CVE-2025-10757Same vendor: Utt
CVE-2025-15460Same vendor: Utt
CVE-2026-0837Same vendor: Utt

References