CVE-2025-45586
📋 TL;DR
This vulnerability in Audi UTR 2.0 Universal Traffic Recorder allows attackers to overwrite arbitrary files on the system by sending a specially crafted PUT request. This affects all systems running Audi UTR 2.0 traffic recording software. Attackers could potentially modify critical system files or deploy malicious payloads.
💻 Affected Systems
- Audi UTR 2.0 Universal Traffic Recorder
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through overwriting critical system files, installation of persistent backdoors, or destruction of system integrity leading to service disruption.
Likely Case
Unauthorized file modification leading to data corruption, service disruption, or deployment of web shells for further exploitation.
If Mitigated
Limited impact with proper network segmentation and file permission restrictions, potentially only affecting non-critical files in isolated directories.
🎯 Exploit Status
The vulnerability requires no authentication and can be exploited with simple HTTP PUT requests. Public proof-of-concept is available in the referenced security report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is currently available from the vendor. Monitor vendor channels for updates and apply immediately when released.
🔧 Temporary Workarounds
Block PUT requests at network perimeter
All platforms: Configure firewalls or web application firewalls to block HTTP PUT requests to the UTR 2.0 service.
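# Example iptables rule for Linux
# The string match sees only cleartext HTTP (not TLS) and matches "PUT" anywhere in a packet to this port
sudo iptables -A INPUT -p tcp --dport [UTR_PORT] -m string --string "PUT" --algo bm -j DROP
# Example Windows Firewall rule using PowerShell
# Windows Firewall cannot filter by HTTP method: this rule blocks all inbound TCP traffic to the port, not only PUT
New-NetFirewallRule -DisplayName "Block UTR PUT" -Direction Inbound -Protocol TCP -LocalPort [UTR_PORT] -Action Block -RemoteAddress Any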
Restrict file system permissions
All platforms: Limit the UTR service account to read-only access for critical directories and implement strict file permission controls.
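# Linux example: Make directories read-only
# a-w removes write access for everyone while keeping the execute bit that directories need for traversal
sudo chmod -R a-w /path/to/critical/directories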
# Windows example: Remove write permissions
icacls "C:\Program Files\UTR" /deny "UTR_Service_Account":(W)
🧯 If You Can't Patch
- Isolate the UTR system on a separate network segment with strict access controls
- Implement application allowlisting to prevent execution of unauthorized files that could be written via this vulnerability
🔍 How to Verify
Check if Vulnerable:
Test by sending a crafted PUT request to the UTR web interface endpoint. If the server accepts the request and returns a success response, the system is vulnerable.
Check Version:
Check the UTR web interface or configuration files for version information. Typically accessible via the web interface dashboard.
Verify Fix Applied:
After implementing workarounds, test with the same PUT request. The request should be blocked or fail to overwrite files.
📡 Detection & Monitoring
Log Indicators:
- HTTP PUT requests to UTR endpoints with unusual file paths
- File modification events in system directories from the UTR service account
- Unauthorized file creation or modification timestamps
Network Indicators:
- HTTP PUT requests with crafted file paths in the request body or headers
- Unusual outbound connections from the UTR system following PUT requests
SIEM Query:
source="UTR_logs" AND (method="PUT" AND (uri CONTAINS ".." OR uri CONTAINS "/etc/" OR uri CONTAINS "/windows/"))
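The SIEM query above, as an added Python example (not part of the original advisory or any vendor tooling). It goes beyond the query by percent-decoding the URI repeatedly and normalizing backslashes and case before matching, so encoded variants of the same markers are also flagged. The Common Log Format layout, the function names, and the sample lines are assumptions constructed for illustration; the UTR product's real log format is not given on this page.

```python
import re
from urllib.parse import unquote

# Assumption: access logs use Common Log Format; adjust LINE_RE to the real layout.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Same markers as the SIEM query, compared after normalization.
MARKERS = ("..", "/etc/", "/windows/")

def normalize(uri, rounds=3):
    """Percent-decode up to `rounds` times (double encoding), unify slashes, lowercase."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/").lower()

def suspicious_puts(lines):
    """Return (source, raw_uri, status, matched_markers) for each flagged PUT."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "PUT":
            continue
        path = normalize(m["uri"])
        matched = [k for k in MARKERS if k in path]
        if matched:
            hits.append((m["src"], m["uri"], int(m["status"]), matched))
    return hits

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:05 +0000] "PUT /upload/report.csv HTTP/1.1" 201 0',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "PUT /upload/../../etc/example.conf HTTP/1.1" 201 0',
    '198.51.100.7 - - [01/Jan/2025:10:01:02 +0000] "PUT /upload/%252e%252e/%252e%252e/Windows/example.ini HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for src, uri, status, why in suspicious_puts(SAMPLE):
        outcome = "accepted" if 200 <= status < 300 else "rejected"
        print(f"{src} PUT {uri} -> {status} ({outcome}) matched={why}")
```

A flagged PUT with a 2xx status deserves priority, since it indicates the server accepted the write; correlate it with file modification events from the UTR service account.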