CVE-2025-15460
Published: 05 January 2026
Summary
CVE-2025-15460 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates validation of inputs like the EncryptionMode argument to prevent buffer overflows from untrusted data in the /goform/formPptpClientConfig handler.
SI-16 enforces memory protections such as address space layout randomization and stack canaries to mitigate exploitation of the buffer overflow vulnerability.
SI-2 requires timely remediation of flaws like this strcpy-induced buffer overflow through vulnerability scanning, patching, or workarounds despite vendor non-response.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web management interface (/goform/) directly enables remote exploitation for code execution on network-accessible device.
NVD Description
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a manipulation of the argument EncryptionMode results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now…
more
public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-15460 is a buffer overflow vulnerability in the UTT 进取 520W firmware version 1.7.7-180627. The issue resides in the strcpy function within the /goform/formPptpClientConfig file, where manipulation of the EncryptionMode argument triggers the overflow. This flaw corresponds to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and a requirement for low privileges. An attacker with low-privileged access can remotely exploit it over the network without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability through arbitrary code execution or system compromise via the buffer overflow.
Advisories from VulDB (ctiid.339496, id.339496) and a GitHub repository (cymiao1978/cve) detail the vulnerability, including a public proof-of-concept exploit. The vendor was notified early but provided no response or patch, leaving affected systems without official mitigation options. Security practitioners should isolate or decommission exposed UTT 进取 520W devices running the vulnerable firmware.
Details
- CWE(s)