CVE-2025-15431

HighPublic PoC

Published: 02 January 2026

Published

02 January 2026

Modified

23 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 33.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15431 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 512W Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation and sanitization of the 'filename' argument in /goform/formFtpServerDirConfig to prevent buffer overflow from improper input handling.

SI-16 Memory Protection good match

prevent

Enforces memory protections such as non-executable memory and stack guards to mitigate exploitation of the strcpy buffer overflow for arbitrary code execution.

SI-2 Flaw Remediation good match

preventrecover

Mandates timely identification, reporting, and remediation of the buffer overflow flaw, including monitoring for vendor patches despite lack of response.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in web management interface (/goform/formFtpServerDirConfig) enables remote exploitation (AV:N/PR:L) for RCE or DoS, directly facilitating T1190 (public-facing app), T1210 (remote services), and T1068 (privilege escalation via vuln).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has…

been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-15431 is a buffer overflow vulnerability in the UTT 进取 512W router running firmware version 1.7.7-171114. The flaw resides in the strcpy function within the /goform/formFtpServerDirConfig file, where improper handling of the 'filename' argument allows overflow conditions. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-01-02.

Attackers with low privileges (PR:L) can exploit this remotely over the network (AV:N) with low complexity and no user interaction required. By manipulating the 'filename' argument, an attacker triggers the buffer overflow, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or denial of service on the affected device.

Advisories from VulDB indicate the exploit has been publicly disclosed, including proof-of-concept code available on GitHub repositories. The vendor was notified early but provided no response or patch, leaving no official mitigation available as of disclosure.

Notable context includes the published exploit, which may already be in use by threat actors targeting exposed UTT 进取 512W devices.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

512w firmware

≤ 1.7.7-171114

CVEs Like This One

CVE-2025-15089Same product: Utt 512W

CVE-2025-15430Same product: Utt 512W

CVE-2025-14191Same product: Utt 512W

CVE-2025-15428Same product: Utt 512W

CVE-2025-15090Same product: Utt 512W

CVE-2025-15429Same product: Utt 512W

CVE-2025-14535Same product: Utt 512W

CVE-2025-14534Same product: Utt 512W

CVE-2025-14572Same product: Utt 512W

CVE-2025-11653Same vendor: Utt

References

https://github.com/GUOTINGTING2297/cve/blob/main/1234/21.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/GUOTINGTING2297/cve/blob/main/1234/21.md#poc
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.339353
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.339353
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.721889
Third Party Advisory, VDB Entry · cna@vuldb.com