CVE-2025-6097 is a vulnerability identified in the UTT 进取 750W device, specifically affecting version 5.0 of its firmware. The flaw resides in the Administrator Password Handler component, within the function formDefineManagement of the /goform/setSysAdm endpoint. The vulnerability arises due to improper validation of the passwd1 argument, which allows an attacker to change the administrator password without any verification. This means that an unauthenticated remote attacker can manipulate the password parameter to reset the administrator password, effectively gaining administrative access to the device. The vulnerability is remotely exploitable over the network without requiring any privileges or user interaction, increasing its risk profile. Although the vendor was notified early, there has been no response or patch released as of the publication date (June 16, 2025). The CVSS v4.0 base score is 6.9, categorized as medium severity, reflecting the ease of exploitation (network vector, no authentication, no user interaction) but limited impact on confidentiality and availability. The vulnerability does not directly impact confidentiality or availability but compromises integrity by allowing unauthorized administrative control, which can lead to further malicious activities such as configuration changes, network interception, or persistent backdoors. No known exploits are currently observed in the wild, but public disclosure of the exploit code increases the likelihood of exploitation attempts. The lack of vendor response and patch availability heightens the urgency for affected organizations to implement mitigations.

For European organizations using the UTT 进取 750W device, this vulnerability poses a significant risk to network security and operational integrity. Unauthorized password changes can lead to full administrative compromise of the device, enabling attackers to alter configurations, intercept or redirect traffic, disable security controls, or establish persistent access. This can result in data breaches, disruption of network services, and potential lateral movement within corporate networks. Given that the device is likely used in network infrastructure roles, such as routing or switching, exploitation could impact availability and integrity of critical communication channels. The absence of vendor patches increases exposure time, and organizations relying on this device must assume a heightened threat level. Additionally, the remote and unauthenticated nature of the exploit means that attackers can target these devices from anywhere, increasing the attack surface. European organizations in sectors with high reliance on network infrastructure—such as telecommunications, finance, manufacturing, and government—may face operational disruptions and data compromise if this vulnerability is exploited.

1. Immediate network segmentation: Isolate UTT 进取 750W devices from untrusted networks and restrict management interface access to trusted administrative subnets only. 2. Implement strict firewall rules to block external access to the /goform/setSysAdm endpoint or the device’s management ports from outside the internal network. 3. Deploy network intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect and block attempts to exploit the passwd1 parameter manipulation. 4. Monitor device logs and network traffic for unusual password change attempts or unauthorized administrative access. 5. If possible, disable remote management interfaces temporarily until a patch or vendor guidance is available. 6. Maintain an inventory of all UTT 进取 750W devices and verify firmware versions to identify affected units. 7. Engage with UTT or authorized resellers to seek firmware updates or official mitigation guidance. 8. Consider replacing vulnerable devices with alternative products from vendors with active security support if patching is not forthcoming. 9. Educate network administrators on the vulnerability and enforce strong operational security practices to detect and respond to suspicious activity quickly.