PT-2025-25507 · Unknown · Utt 进取 750W

Pfwqdxwdd · Published 2025-06-16 · Updated 2026-01-08 · CVE-2025-6097

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UTT 进取 750W versions up to 5.0

Description

A critical issue was found, affecting the function formDefineManagement of the file /goform/setSysAdm in the Administrator Password Handler component. The manipulation of the passwd1 argument leads to unverified password change. This issue can be exploited remotely.

Recommendations

For versions up to 5.0, as a temporary workaround, consider restricting access to the /goform/setSysAdm endpoint to minimize the risk of exploitation. Avoid using the passwd1 argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-6097

Affected Products

Utt 进取 750W