CVE-2025-14191

HighPublic PoC

Published: 07 December 2025

Published

07 December 2025

Modified

05 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0053 67.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-14191 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 512W Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of the 'except' argument size and format before strcpy usage in /goform/formP2PLimitConfig, directly preventing the buffer overflow.

SI-2 Flaw Remediation good match

prevent

Mandates timely flaw remediation for the known buffer overflow vulnerability, including patching or workarounds despite vendor non-response.

SI-16 Memory Protection partial match

prevent

Deploys memory protections like stack canaries, ASLR, and DEP to hinder exploitation of the buffer overflow even if input validation fails.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in router's web interface (/goform/) enables remote exploitation (AV:N/PR:L) for arbitrary code execution, directly facilitating T1190 (Exploit Public-Facing Application) as initial access vector and T1068 (Exploitation for Privilege Escalation) from low to full system privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the…

attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-14191 is a buffer overflow vulnerability affecting UTT 进取 512W routers in versions up to 1.7.7-171114. The issue resides in the strcpy function within the /goform/formP2PLimitConfig file, where improper handling of the "except" argument allows overflow conditions. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.

Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables arbitrary code execution, potentially granting high-impact confidentiality, integrity, and availability compromises, such as full system takeover on the affected router.

Advisories from VulDB (ctiid.334611, id.334611) and a public GitHub disclosure by DavCloudz detail the vulnerability, including a proof-of-concept (PoC) for the buffer overflow. The vendor was notified early but provided no response, and no patches or official mitigations are available as of publication on 2025-12-07.

The exploit has been publicly disclosed and may be actively used, increasing risks for unpatched UTT 进取 512W deployments.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

512w firmware

≤ 1.7.7-171114

CVEs Like This One

CVE-2025-15430Same product: Utt 512W

CVE-2025-15089Same product: Utt 512W

CVE-2025-15431Same product: Utt 512W

CVE-2025-15428Same product: Utt 512W

CVE-2025-15090Same product: Utt 512W

CVE-2025-15429Same product: Utt 512W

CVE-2025-14535Same product: Utt 512W

CVE-2025-14534Same product: Utt 512W

CVE-2025-14572Same product: Utt 512W

CVE-2026-2981Same vendor: Utt

References

https://github.com/DavCloudz/cve/blob/main/UTT/512W/UTT%20512W%20Buffer%20Overflow%20Vulnerability.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/DavCloudz/cve/blob/main/UTT/512W/UTT%20512W%20Buffer%20Overflow%20Vulnerability.md#poc
Exploit · cna@vuldb.com
https://vuldb.com/?ctiid.334611
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.334611
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.699220
Third Party Advisory, VDB Entry · cna@vuldb.com