Cyber Resilience

CVE-2025-0328

Medium

Published: 09 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0128 (80.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0328 is a medium-severity Injection (CWE-74) vulnerability in Zhaoj (inferred from references). Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 20.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A critical command injection vulnerability has been identified in the KaiYuanTong ECT Platform up to version 2.0.0. The flaw resides in the HTTP POST Request Handler component, specifically within the file /public/server/runCode.php, where unsanitized input to the "code" argument is passed to an underlying system command. This corresponds to CWE-74 and CWE-77 weaknesses and permits remote, unauthenticated attackers to inject and execute arbitrary operating-system commands.

An attacker can send a crafted HTTP POST request to the affected endpoint, with limited impact on the confidentiality, integrity, and availability of the target system. No user interaction or credentials are required, and the attack complexity is low. A public exploit has already been disclosed, enabling straightforward reproduction by threat actors with network access to the platform.

The vendor was notified prior to disclosure but did not respond or issue a patch. Public references, including detailed technical notes, confirm the issue is exploitable in default configurations. The associated EPSS score rose from a low baseline to a peak of 0.0214, indicating emerging exploitation interest after publication.

Vulnerability details

A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Remote unauthenticated command injection in a public-facing web app (runCode.php) directly enables T1190 (Exploit Public-Facing Application) and facilitates T1059 (Command and Scripting Interpreter) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15131: Shared CWE-74, CWE-77
CVE-2026-1687: Shared CWE-74, CWE-77
CVE-2026-1414: Shared CWE-74, CWE-77
CVE-2025-1845: Shared CWE-74, CWE-77
CVE-2025-1947: Shared CWE-74, CWE-77
CVE-2025-15133: Shared CWE-74, CWE-77
CVE-2025-10962: Shared CWE-74, CWE-77
CVE-2025-1946: Shared CWE-74, CWE-77
CVE-2026-3943: Shared CWE-74, CWE-77
CVE-2025-15132: Shared CWE-74, CWE-77

Affected Assets

Zhaoj (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly prevents command injection by validating and sanitizing the 'code' argument in the vulnerable /public/server/runCode.php HTTP POST handler.

Prevent: Requires timely identification, reporting, and correction of the command injection flaw in the ECT Platform up to version 2.0.0.

Prevent: Limits the scope and impact of arbitrary command execution by enforcing least privilege on the processes handling the injected code.

References