CVE-2025-15089
Published: 25 December 2025
Summary
CVE-2025-15089 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 512W Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates timely remediation of known flaws like this buffer overflow through patching or firmware upgrades to eliminate the vulnerability.
Requires validation of untrusted inputs such as the wepkey1 argument to prevent buffer overflows from oversized or malformed data.
Implements memory protections like ASLR, DEP, and stack canaries to thwart exploitation of buffer overflows even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in router web interface (/goform/APSecurity) exploitable remotely with low privileges for RCE/full compromise, directly facilitating public-facing application exploitation (T1190), exploitation of remote services (T1210), and privilege escalation (T1068).
NVD Description
A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely.…
more
The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-15089 is a buffer overflow vulnerability affecting UTT 进取 512W router firmware versions up to 1.7.7-171114. The issue resides in the strcpy function within the /goform/APSecurity file, where manipulation of the wepkey1 argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, potentially leading to full compromise of the affected device.
Advisories and additional details, including a proof-of-concept exploit, are documented on VulDB (https://vuldb.com/?ctiid.338418, https://vuldb.com/?id.338418) and GitHub (https://github.com/cymiao1978/cve/blob/main/new/14.md, https://github.com/cymiao1978/cve/blob/main/new/14.md#poc). No specific patch or mitigation guidance is outlined in the initial disclosure.
The exploit has been publicly disclosed and may be actively used by attackers targeting vulnerable UTT 进取 512W devices.
Details
- CWE(s)