CVE-2025-10953
Published: 25 September 2025
Summary
CVE-2025-10953 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 1200Gw Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of inputs like the senderEmail argument to prevent buffer overflow from malformed data.
Implements memory protections such as ASLR, DEP, and stack canaries to mitigate buffer overflow exploitation leading to code execution.
Mandates timely remediation of flaws like this buffer overflow through patching or compensatory controls despite vendor non-response.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in publicly accessible web form (/goform/formApMail) directly enables remote exploitation of a network device for arbitrary code execution (T1190).
NVD Description
A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The…
more
exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-10953 is a buffer overflow vulnerability affecting UTT 1200GW and 1250GW devices running firmware versions up to 3.0.0-170831 or 3.2.2-200710. The issue resides in unknown code within the /goform/formApMail file, where manipulation of the senderEmail argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution, granting high impacts on confidentiality, integrity, and availability, potentially leading to full device compromise such as data theft, modification, or denial of service.
Advisories from VulDB and related GitHub repositories detail the vulnerability but note no vendor response despite early notification; no patches or mitigations are available. The exploit has been publicly disclosed and is available for use, increasing the risk for unpatched devices.
Details
- CWE(s)