
CVE-2025-10953: Buffer Overflow in UTT 1200GW

High
Published: Thu Sep 25 2025 (09/25/2025, 16:02:05 UTC)
Source: CVE Database V5
Vendor/Project: UTT
Product: 1200GW

Description

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/25/2025, 16:05:08 UTC

Technical Analysis

CVE-2025-10953 is a high-severity buffer overflow vulnerability affecting UTT 1200GW and 1250GW devices running firmware versions up to 3.0.0-170831 and 3.2.2-200710 respectively. The vulnerability resides in an unknown code segment within the /goform/formApMail endpoint, where improper handling of the senderEmail argument allows an attacker to overflow a buffer. The flaw can be exploited remotely with low attack complexity and without user interaction; per the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L), the attacker needs low privileges on the device (PR:L). The vulnerability impacts confidentiality, integrity, and availability with high impact metrics (VC:H/VI:H/VA:H), meaning an attacker could potentially execute arbitrary code, cause denial of service, or exfiltrate sensitive information. The vendor has been contacted but has not responded or issued a patch, and although no exploits are currently known in the wild, the exploit details have been publicly disclosed, increasing the risk of exploitation. The vulnerability affects network gateway devices, which are critical infrastructure components in enterprise and service provider networks, making this a significant threat vector. The lack of vendor response and patch availability further elevates the risk for organizations relying on these devices.

Potential Impact

For European organizations, this vulnerability poses a serious risk, especially for those using UTT 1200GW or 1250GW devices in their network infrastructure. Successful exploitation could lead to full compromise of the affected gateway, enabling attackers to intercept, modify, or disrupt network traffic, potentially impacting business continuity and data confidentiality. Given the devices' role as network gateways, exploitation could facilitate lateral movement within corporate networks or serve as a foothold for further attacks. Critical sectors such as finance, telecommunications, government, and energy in Europe could face operational disruptions or data breaches. The absence of a vendor patch means organizations must rely on alternative mitigations, increasing operational complexity and risk exposure. Additionally, the public disclosure of the exploit details may lead to increased scanning and targeted attacks against vulnerable devices in Europe.

Mitigation Recommendations

Organizations should immediately identify and inventory all UTT 1200GW and 1250GW devices running affected firmware versions. Network segmentation should be enforced to isolate these devices from critical internal resources. Implement strict access controls and firewall rules to restrict inbound traffic to the /goform/formApMail endpoint, ideally blocking it from untrusted networks. Monitoring and intrusion detection systems should be configured to detect anomalous requests targeting this endpoint. If possible, disable or restrict the vulnerable functionality until a vendor patch is available. Consider deploying virtual patching via web application firewalls (WAFs) or network-based intrusion prevention systems (IPS) to detect and block exploitation attempts. Organizations should also engage with UTT or their vendors for updates and consider alternative hardware if no timely patch is forthcoming. Regular backups and incident response plans should be reviewed and updated to prepare for potential exploitation scenarios.
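The monitoring recommendation above can be prototyped as a log filter. The following is an added example, not code from the advisory or the vendor: it flags requests to /goform/formApMail whose senderEmail value is oversized or not shaped like an e-mail address. The tab-separated log format, the 254-character threshold and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/goform/formApMail"   # endpoint named in the advisory
PARAM = "senderEmail"             # argument named in the advisory
# Assumption: 254 is the commonly cited maximum e-mail address length.
# The device's real buffer size is not stated in the advisory.
MAX_EMAIL_LEN = 254
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample input: source IP, method, URI, request body (tab-separated).
SAMPLE_LOG = [
    "192.0.2.10\tPOST\t/goform/formApMail\tsenderEmail=ops%40example.com&x=1",
    "198.51.100.7\tPOST\t/goform/formApMail\tsenderEmail=" + "A" * 600,
    "198.51.100.7\tGET\t/goform/formApMail?senderEmail=not-an-address\t",
    "192.0.2.10\tGET\t/index.asp\t",
]

def inspect(uri, body=""):
    """Return the reasons a request looks anomalous ([] if benign or unrelated)."""
    parts = urlsplit(uri)
    # Decode the path so a percent-encoded spelling of the endpoint still matches.
    if unquote(parts.path).rstrip("/").lower() != ENDPOINT.lower():
        return []
    reasons = []
    for source in (parts.query, body):      # parameter may arrive in either place
        for value in parse_qs(source, keep_blank_values=True).get(PARAM, []):
            if len(value) > MAX_EMAIL_LEN:
                reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_EMAIL_LEN}")
            elif not EMAIL_RE.fullmatch(value):
                reasons.append(f"{PARAM} is not a plausible e-mail address")
    return reasons

def scan(log_lines):
    """Return (source_ip, reason) pairs for every flagged request."""
    alerts = []
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 4:
            continue                        # skip malformed lines
        src, _method, uri, body = fields
        alerts.extend((src, reason) for reason in inspect(uri, body))
    return alerts

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_LOG):
        print(f"ALERT {src}: {reason}")
```

The same two conditions (endpoint match plus length or format violation on senderEmail) translate directly into a WAF or IPS rule for virtual patching.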


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-25T07:03:03.878Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68d5682325eee97faa1f4cc4

Added to database: 9/25/2025, 4:04:51 PM

Last enriched: 9/25/2025, 4:05:08 PM

Last updated: 9/26/2025, 12:10:45 AM
