CVE-2025-10757
Published: 21 September 2025
Summary
CVE-2025-10757 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 1200Gw Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents the buffer overflow by enforcing validation of the GroupName argument in the /goform/formConfigDnsFilterGlobal endpoint.
Implements memory protections such as ASLR and DEP to block arbitrary code execution from exploitation of the buffer overflow.
Mandates identification and timely remediation of the buffer overflow flaw in UTT 1200GW firmware up to 3.0.0-170831, including workarounds given lack of vendor patch.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in web form endpoint (/goform/formConfigDnsFilterGlobal) of network gateway device directly enables remote exploitation of a public-facing application for RCE by authenticated users.
NVD Description
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. The attack can be initiated remotely. The exploit has…
more
been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-10757 is a buffer overflow vulnerability affecting UTT 1200GW devices running firmware versions up to 3.0.0-170831. The issue resides in an unknown function within the /goform/formConfigDnsFilterGlobal file, where manipulation of the GroupName argument triggers the overflow. This flaw is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
Attackers with low privileges (PR:L), such as authenticated users, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or device disruption. A proof-of-concept exploit is publicly available, increasing the risk of widespread abuse.
Advisories from VulDB and related GitHub repositories document the issue but note that the vendor was contacted early without any response, implying no official patches or mitigations are available. Security practitioners should isolate affected devices, restrict access to the vulnerable endpoint, and monitor for exploitation attempts using the disclosed POC.
Notable context includes the public availability of the exploit, which could lead to active exploitation in the wild, particularly against unpatched UTT 1200GW deployments in enterprise or small office environments.
Details
- CWE(s)