CVE-2025-15091 HIGH

CVE-2025-15091: UTT 进取 512W formPictureUrl strcpy buffer overflow

Vendor Utt

Product 进取 512W

Weakness CWE-120

Published December 25, 2025

Last update December 26, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

December 25, 2025 CVE published

December 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15091 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/120.html

Related vulnerabilities

CVE-2025-15091: UTT 进取 512W formPictureUrl strcpy buffer overflow

01Description

02Disclosure timeline

03References

04Related CVE