Cyber Resilience

CVE-2025-10756

HighPublic PoC

Published: 20 September 2025

Published
20 September 2025
Modified
08 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0048 65.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10756 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 840G Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-10756 is a buffer overflow vulnerability (CWE-119, CWE-120) in the UTT HiPER 840G router firmware versions up to 3.1.1-190328. The flaw affects an unknown function in the /goform/getOneApConfTempEntry file, where manipulation of the tempName argument triggers the overflow. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-09-20.

Attackers with low privileges (PR:L) can exploit the vulnerability remotely over the network with low attack complexity and no user interaction. Successful exploitation results in high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or system compromise.

VulDB advisories (ctiid.325111, id.325111) and a GitHub repository detail the issue, including a proof-of-concept exploit. The vendor was contacted early about the disclosure but did not respond, and no patches or mitigations are available.

The exploit has been publicly released, increasing the likelihood of active exploitation.

EU & UK References

Vulnerability details

A security flaw has been discovered in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of the argument tempName results in buffer overflow. It is possible to launch the attack remotely.…

more

The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing router web form (/goform endpoint) directly enables remote exploitation of a network device for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-7570Same product: Utt 840G
CVE-2025-7571Same product: Utt 840G
CVE-2025-11305Same product: Utt 840G
CVE-2025-15459Same vendor: Utt
CVE-2025-11652Same vendor: Utt
CVE-2025-10171Same vendor: Utt
CVE-2026-0841Same vendor: Utt
CVE-2025-11651Same vendor: Utt
CVE-2025-10757Same vendor: Utt
CVE-2026-2067Same vendor: Utt

Affected Assets

utt
840g firmware
≤ 3.1.1-190328

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents buffer overflow by enforcing validation of the manipulated tempName argument in the /goform/getOneApConfTempEntry endpoint.

preventrecover

Requires timely identification, prioritization, and remediation of the buffer overflow flaw, including firmware patching when available despite vendor non-response.

prevent

Implements memory protections such as ASLR and non-executable memory to mitigate arbitrary code execution from successful buffer overflows.

References