Cyber Resilience

CVE-2025-15461

HighPublic PoC

Published: 05 January 2026

Published
05 January 2026
Modified
12 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0081 52.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-15461 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-15461 is a buffer overflow vulnerability affecting the UTT 进取 520W router firmware version 1.7.7-180627. The flaw exists in the strcpy function within the /goform/formTaskEdit file, where manipulation of the selDateType argument triggers the overflow. Published on 2026-01-05, it carries a CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).

The vulnerability enables remote exploitation by an authenticated attacker with low privileges (PR:L) who has network access. No user interaction is required, and the attack complexity is low. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise via the buffer overflow.

Advisories from VulDB and related disclosures indicate that the vendor was contacted early about the issue but provided no response or patches. An exploit proof-of-concept has been publicly released on GitHub, increasing the risk of active misuse. No official mitigations are available, leaving affected systems reliant on network segmentation or replacement.

EU & UK References

Vulnerability details

A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The exploit…

more

has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in public web form (/goform) directly enables remote exploitation of a network device (T1190) by low-priv authenticated users, resulting in arbitrary code execution and full system compromise (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2068Same product: Utt 520W
CVE-2026-1137Same product: Utt 520W
CVE-2026-1140Same product: Utt 520W
CVE-2026-1138Same product: Utt 520W
CVE-2026-0838Same product: Utt 520W
CVE-2026-2070Same product: Utt 520W
CVE-2025-15459Same product: Utt 520W
CVE-2026-1139Same product: Utt 520W
CVE-2025-15462Same product: Utt 520W
CVE-2026-2071Same product: Utt 520W

Affected Assets

utt
520w firmware
≤ 1.7.7-180627

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents the buffer overflow by validating the selDateType input argument for proper length and format before processing with strcpy in /goform/formTaskEdit.

prevent

Implements memory protections like stack canaries, ASLR, and DEP to block exploitation of the buffer overflow vulnerability even if invalid input reaches strcpy.

prevent

Requires timely flaw remediation processes, such as applying patches or isolating/replacing the vulnerable UTT router firmware when no vendor fix is available.

References