PT-2025-40852 · Utt · Utt

Zuklarson · Published 2025-09-28 · Updated 2025-10-06 · CVE-2025-11323

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

UTT versions prior to v2v3.2.2-200710

Description

A buffer overflow issue exists in the strcpy function within the /goform/formUserStatusRemark file. Manipulation of the Username argument can trigger this issue, potentially allowing for remote exploitation. The exploit for this issue has been publicly disclosed.

Recommendations

Versions prior to v2v3.2.2-200710 should be updated. As a temporary workaround, consider restricting access to the /goform/formUserStatusRemark file to minimize the risk of exploitation. Avoid using the Username parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-00370
CVE-2025-11323

Affected Products

Utt