CVE-2025-10172 – A buffer overflow vulnerability in UTT 750W dev... (How to Fix)

Q: What is the severity of CVE-2025-10172?

CVE-2025-10172 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in UTT 750W devices up to version 3.2.2-191225 allows remote attackers to execute arbitrary code by manipulating the importpictureurl parameter in the /goform/formPictureUrl endpoint. This affects all systems running vulnerable firmware versions. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A buffer overflow vulnerability in UTT 750W devices up to version 3.2.2-191225 allows remote attackers to execute arbitrary code by manipulating the importpictureurl parameter in the /goform/formPictureUrl endpoint. This affects all systems running vulnerable firmware versions. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

UTT 750W

Versions: Up to and including 3.2.2-191225

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations with the vulnerable firmware version are affected. The /goform/formPictureUrl endpoint appears to be part of the web management interface.

📦 What is this software?

750w Firmware by Utt

View all CVEs affecting 750w Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Remote code execution resulting in device takeover, network pivoting, and denial of service.

🟢

If Mitigated

Exploitation attempts blocked by network segmentation and input validation controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects web-accessible interfaces.

🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated exploitation.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Consider replacing affected devices with alternative solutions or implementing strict network controls.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate UTT 750W devices from untrusted networks and restrict access to management interfaces.

Web Application Firewall

all

Deploy WAF rules to block requests containing suspicious patterns targeting /goform/formPictureUrl with manipulated importpictureurl parameters.

🧯 If You Can't Patch

Decommission and replace affected UTT 750W devices with supported alternatives
Implement strict network access controls allowing only trusted IPs to access device management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or CLI. If version is 3.2.2-191225 or earlier, device is vulnerable.

Check Version:

Check via web interface at http://device-ip/ or consult device documentation for CLI version check.

Verify Fix Applied:

Verify firmware version has been updated beyond 3.2.2-191225 (though no official patch exists).

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /goform/formPictureUrl with unusually long importpictureurl parameters
Device crash/restart logs following web interface access

Network Indicators:

HTTP POST requests to /goform/formPictureUrl with crafted importpictureurl values
Unusual outbound connections from UTT 750W devices

SIEM Query:

source="*UTT*" AND (url="/goform/formPictureUrl" OR url="*formPictureUrl*") AND (param="*importpictureurl*" OR data="*importpictureurl*")

📊 Metadata

CVE ID: CVE-2025-10172

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.19% exploit probability (40.1th percentile)

Published: September 9, 2025

Last Updated: January 12, 2026

🔗 References

https://github.com/cymiao1978/cve/blob/main/1.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.323207 Permissions Required,VDB Entry
https://vuldb.com/?id.323207 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.639030 Third Party Advisory,VDB Entry
https://github.com/cymiao1978/cve/blob/main/1.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10172, you might also want to check these: