CVE-2025-10953

8.8 HIGH

📋 TL;DR

This is a remote buffer overflow vulnerability in UTT 1200GW and 1250GW routers affecting the formApMail endpoint. Attackers can exploit this by sending specially crafted senderEmail parameters to potentially execute arbitrary code or crash devices. Organizations using these specific router models with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • UTT 1200GW
  • UTT 1250GW
Versions: Up to 3.0.0-170831/3.2.2-200710
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /goform/formApMail endpoint specifically. All devices with vulnerable firmware versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement into internal networks, and persistent backdoor installation.

🟠

Likely Case

Device crash causing denial of service, potential information disclosure, or limited code execution depending on exploit sophistication.

🟢

If Mitigated

Denial of service from device crash if exploit attempts are blocked or fail, with no further network penetration.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Contact vendor for updated firmware. If unavailable, implement workarounds or replace devices.

🔧 Temporary Workarounds

Network Access Control

Platform: Linux

Block external access to the router management interface and restrict internal access to authorized IPs only. Because -A appends, make sure no earlier rule already accepts port 80 traffic (otherwise the DROP rule is never reached); insert with -I if necessary.

# Allow HTTP management access only from the trusted LAN range (adjust to your network)
iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
# Drop all other HTTP access to the management interface
iptables -A INPUT -p tcp --dport 80 -j DROP

Web Application Firewall

Platform: All

Deploy WAF rules to block requests containing buffer overflow patterns (for example, an over-long senderEmail parameter) targeting the /goform/formApMail endpoint.

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments with strict firewall rules
  • Monitor for exploit attempts and implement intrusion detection for buffer overflow patterns

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the web interface or SSH. If the version is 3.0.0-170831 or 3.2.2-200710 or earlier, the device is vulnerable.

Check Version:

ssh admin@router-ip 'cat /etc/version'

Alternatively, check the System Status page in the web interface.

Verify Fix Applied:

Confirm the firmware version is newer than the affected versions, then test the endpoint with safe payloads to confirm buffer overflow protections are in place.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /goform/formApMail with unusually long senderEmail parameters
  • Router crash/reboot logs
  • Memory violation errors in system logs

Network Indicators:

  • HTTP POST requests to /goform/formApMail with senderEmail parameter exceeding normal length
  • Traffic patterns suggesting buffer overflow exploitation

SIEM Query:

source="router_logs" AND (uri="/goform/formApMail" AND senderEmail.length>100)
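The log and network indicators above can be checked offline with a short detector. The following Python script is an added example, not code from the advisory or from the vendor: it reads constructed JSON-lines records in a hypothetical reverse-proxy/WAF log format that includes the request body (UTT router logs themselves are not assumed to look like this), URL-decodes the senderEmail parameter from either the query string or the POST body, and flags requests to /goform/formApMail whose decoded senderEmail exceeds the 100-character threshold used in the SIEM query.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Threshold taken from the advisory's SIEM query (senderEmail.length>100).
SENDER_EMAIL_MAX_LEN = 100
TARGET_PATH = "/goform/formApMail"

# Constructed sample records (hypothetical proxy/WAF JSON-lines format, not real router logs).
# The oversized value is built programmatically so the length is explicit.
LONG_VALUE = "A" * 130  # constructed over-length value for illustration only
SAMPLE_LOG = "\n".join([
    '{"src": "192.168.1.20", "method": "POST", "uri": "/goform/formApMail", '
    '"body": "senderEmail=admin%40example.com&smtpServer=mail.example.com"}',
    '{"src": "203.0.113.7", "method": "POST", "uri": "/goform/formApMail", '
    '"body": "senderEmail=' + LONG_VALUE + '&smtpServer=x"}',
    '{"src": "192.168.1.21", "method": "GET", '
    '"uri": "/goform/formApMail?senderEmail=short%40example.com", "body": ""}',
    '{"src": "198.51.100.9", "method": "POST", "uri": "/goform/formLogin", '
    '"body": "username=admin&password=secret"}',
])


def is_target(record):
    """True when the request path (ignoring the query string) is the vulnerable endpoint."""
    return urlsplit(record.get("uri", "")).path == TARGET_PATH


def sender_email_length(record):
    """Length of the URL-decoded senderEmail parameter, checking query string then body.

    The decoded length is used because that is what the firmware's handler receives
    after the web server unescapes the form data. Returns 0 if the parameter is absent.
    """
    query = urlsplit(record.get("uri", "")).query
    params = parse_qs(query, keep_blank_values=True)
    # Body parameters take precedence over query-string parameters with the same name.
    params.update(parse_qs(record.get("body", ""), keep_blank_values=True))
    values = params.get("senderEmail", [])
    return max((len(v) for v in values), default=0)


def find_suspicious(log_text, max_len=SENDER_EMAIL_MAX_LEN):
    """Return one hit per /goform/formApMail request whose senderEmail exceeds max_len."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skipped here, but worth counting in production
        if not is_target(record):
            continue
        length = sender_email_length(record)
        if length > max_len:
            hits.append({
                "line": lineno,
                "src": record.get("src"),
                "method": record.get("method"),
                "senderEmail_len": length,
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['src']} {hit['method']} {TARGET_PATH} "
              f"senderEmail length {hit['senderEmail_len']} > {SENDER_EMAIL_MAX_LEN}")
```

Only the second constructed record is reported; the legitimate mail-configuration request and the GET with a short address pass, and the unrelated login request is ignored because its path does not match. Tune the threshold to the longest senderEmail your environment legitimately uses, and pair the detector with the router crash/reboot indicators listed above, since a request log alone cannot tell a failed overflow attempt from a successful one.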
