Cyber Resilience

CVE-2025-15460

HighPublic PoC

Published: 05 January 2026

Published
05 January 2026
Modified
12 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0058 43.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-15460 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-15460 is a buffer overflow vulnerability in the UTT 进取 520W firmware version 1.7.7-180627. The issue resides in the strcpy function within the /goform/formPptpClientConfig file, where manipulation of the EncryptionMode argument triggers the overflow. This flaw corresponds to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).

The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and a requirement for low privileges. An attacker with low-privileged access can remotely exploit it over the network without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability through arbitrary code execution or system compromise via the buffer overflow.

Advisories from VulDB (ctiid.339496, id.339496) and a GitHub repository (cymiao1978/cve) detail the vulnerability, including a public proof-of-concept exploit. The vendor was notified early but provided no response or patch, leaving affected systems without official mitigation options. Security practitioners should isolate or decommission exposed UTT 进取 520W devices running the vulnerable firmware.

EU & UK References

Vulnerability details

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a manipulation of the argument EncryptionMode results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now…

more

public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public web management interface (/goform/) directly enables remote exploitation for code execution on network-accessible device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15459Same product: Utt 520W
CVE-2026-1139Same product: Utt 520W
CVE-2025-15462Same product: Utt 520W
CVE-2026-2071Same product: Utt 520W
CVE-2026-0837Same product: Utt 520W
CVE-2025-14141Same product: Utt 520W
CVE-2026-2067Same product: Utt 520W
CVE-2026-0841Same product: Utt 520W
CVE-2026-0836Same product: Utt 520W
CVE-2026-0839Same product: Utt 520W

Affected Assets

utt
520w firmware
≤ 1.7.7-180627

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 mandates validation of inputs like the EncryptionMode argument to prevent buffer overflows from untrusted data in the /goform/formPptpClientConfig handler.

prevent

SI-16 enforces memory protections such as address space layout randomization and stack canaries to mitigate exploitation of the buffer overflow vulnerability.

preventrecover

SI-2 requires timely remediation of flaws like this strcpy-induced buffer overflow through vulnerability scanning, patching, or workarounds despite vendor non-response.

References