Cyber Posture

CVE-2025-11652

HighPublic PoC

Published: 13 October 2025

Published
13 October 2025
Modified
08 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0035 57.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11652 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 518G Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly validates the txtMin2 argument in /goform/formTaskEdit_ap processing to prevent buffer overflow exploitation from malformed remote inputs.

SI-16 Memory Protection good match
prevent

Implements memory protections such as stack canaries, ASLR, and DEP to block arbitrary code execution from buffer overflow exploits.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and remediation of the buffer overflow flaw, including patching or system replacement despite vendor non-response.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in public-facing web management interface (/goform/) enables remote exploitation for arbitrary code execution, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was found in UTT 进取 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be performed from remote. The exploit…

more

has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-11652 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting UTT 进取 518G devices up to version V3v3.2.7-210919-161313. The flaw occurs in some unknown processing of the /goform/formTaskEdit_ap file, where manipulation of the txtMin2 argument triggers the overflow.

The vulnerability can be exploited remotely by an attacker requiring low privileges (PR:L), with network access, low attack complexity, and no user interaction. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), allowing high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or denial of service.

Advisories from VulDB and related sources note that a proof-of-concept exploit is publicly available on GitHub. The vendor was contacted early for disclosure but provided no response, and no patches or official mitigations are referenced. The exploit could be used in practice given its public status.

Details

CWE(s)
CWE-119CWE-120

Affected Products

utt
518g firmware
≤ 3.2.7-210919-161313

CVEs Like This One

CVE-2025-11651Same product: Utt 518G
CVE-2026-2067Same vendor: Utt
CVE-2025-10953Same vendor: Utt
CVE-2025-7570Same vendor: Utt
CVE-2025-14534Same vendor: Utt
CVE-2026-2066Same vendor: Utt
CVE-2025-10757Same vendor: Utt
CVE-2025-15460Same vendor: Utt
CVE-2026-0837Same vendor: Utt
CVE-2026-0841Same vendor: Utt

References