CVE-2025-0482

HighPublic PoC

Published: 15 January 2025

Published

15 January 2025

Modified

29 April 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0022 44.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0482 is a high-severity Use of Default Credentials (CWE-1392) vulnerability in Native-Php-Cms Project Native-Php-Cms. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 44.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match

prevent

Directly requires changing default authenticators prior to first use, preventing remote exploitation of default credentials in /fladmin/user_recoverpwd.php.

AC-2 Account Management good match

prevent

Mandates management of accounts including creation, modification, disabling unnecessary accounts, and specifying password requirements to eliminate default credential usage.

CM-6 Configuration Settings partial match

prevent

Enforces secure configuration settings for system components, including remediation of vendor default credentials in the affected PHP CMS application.

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth

Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Default credentials vulnerability on public-facing web admin endpoint directly enables Valid Accounts (Default Accounts) for Initial Access and exploitation of public-facing apps.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit…

has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-0482 is a vulnerability classified as critical in Fanli2012 native-php-cms version 1.0, affecting an unknown part of the file /fladmin/user_recoverpwd.php. The issue stems from the use of default credentials, as detailed in the CVE description published on 2025-01-15. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-1392 and NVD-CWE-Other.

The vulnerability enables remote attackers with no privileges or user interaction to exploit the affected endpoint through manipulation, potentially leveraging default credentials for unauthorized access. Successful exploitation could result in low-level impacts to confidentiality, integrity, and availability.

Advisories reference GitHub issues at https://github.com/Fanli2012/native-php-cms/issues/4 and https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348, along with VulDB entries including https://vuldb.com/?ctiid.291927, https://vuldb.com/?id.291927, and https://vuldb.com/?submit.475237. The exploit has been publicly disclosed and may be used.

Details

CWE(s): CWE-1392 NVD-CWE-Other

Affected Products

native-php-cms project

native-php-cms

1.0

CVEs Like This One

CVE-2025-0490Same product: Native-Php-Cms Project Native-Php-Cms

CVE-2025-0489Same product: Native-Php-Cms Project Native-Php-Cms

CVE-2025-0488Same product: Native-Php-Cms Project Native-Php-Cms

CVE-2026-1972Shared CWE-1392

CVE-2025-34516Shared CWE-1392

CVE-2026-22273Shared CWE-1392

CVE-2025-8731Shared CWE-1392

CVE-2026-26341Shared CWE-1392

CVE-2025-1160Shared CWE-1392

CVE-2025-2398Shared CWE-1392

References

https://github.com/Fanli2012/native-php-cms/issues/4
Exploit, Issue Tracking, Vendor Advisory · cna@vuldb.com
https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348
Exploit, Issue Tracking, Vendor Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.291927
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.291927
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.475237
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/Fanli2012/native-php-cms/issues/4
Exploit, Issue Tracking, Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348
Exploit, Issue Tracking, Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0