CVE-2025-0328
Published: 09 January 2025
Summary
CVE-2025-0328 is a high-severity Injection (CWE-74) vulnerability in Zhaoj (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 23.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents command injection by validating and sanitizing the 'code' argument in the vulnerable /public/server/runCode.php HTTP POST handler.
Requires timely identification, reporting, and correction of the command injection flaw in the ECT Platform up to version 2.0.0.
Limits the scope and impact of arbitrary command execution by enforcing least privilege on the processes handling the injected code.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated command injection in a public-facing web app (runCode.php) directly enables T1190 (Exploit Public-Facing Application) and facilitates T1059 (Command and Scripting Interpreter) for arbitrary command execution.
NVD Description
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the…
more
argument code leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-0328 is a critical command injection vulnerability affecting KaiYuanTong ECT Platform versions up to 2.0.0. The issue resides in an unknown functionality of the file /public/server/runCode.php within the HTTP POST Request Handler component, where manipulation of the "code" argument enables arbitrary command execution. Classified under CWE-74 and CWE-77, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on January 9, 2025.
The vulnerability can be exploited remotely by unauthenticated attackers with low complexity, requiring no privileges or user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to execute arbitrary commands on the server. An exploit has been publicly disclosed and may be actively used.
Advisories from sources like VulDB note that the vendor was contacted early regarding the disclosure but provided no response, with no patches or mitigations mentioned. References include detailed entries on VulDB (ctiid.290792, id.290792, submit.470601) and zhaoj.in notes.
Details
- CWE(s)