CVE-2025-11651
Published: 13 October 2025
Summary
CVE-2025-11651 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 518G Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by validating the Profile argument in the /goform/formRemoteControl endpoint against malicious input manipulation.
Implements memory protections such as ASLR and DEP to block arbitrary code execution from successful buffer overflows.
Requires timely identification, reporting, and remediation of flaws like this buffer overflow via firmware updates or replacements.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in web management endpoint (/goform/formRemoteControl) enables remote code execution on public-facing network device, directly mapping to exploitation of public-facing application.
NVD Description
A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out…
more
remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-11651 is a buffer overflow vulnerability affecting UTT 进取 518G devices running firmware up to version V3v3.2.7-210919-161313. The issue resides in the sub_4247AC function within the /goform/formRemoteControl endpoint, where manipulation of the Profile argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring network access but no user interaction or complex preconditions. Successful exploitation allows arbitrary code execution, leading to high impacts on confidentiality, integrity, and availability, such as data theft, system modification, or denial of service on the affected device.
Advisories from VulDB and related disclosures note no vendor response despite early contact, with no patches or mitigations provided. A proof-of-concept exploit is publicly available on GitHub, increasing the risk of widespread abuse.
The exploit disclosure heightens the urgency for users of affected UTT 进取 518G devices to isolate them or apply network controls until firmware updates are released, as no real-world exploitation in the wild is detailed in available sources.
Details
- CWE(s)