Cyber Posture

CVE-2025-0484

HighPublic PoC

Published: 15 January 2025

Published
15 January 2025
Modified
27 February 2025
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0011 29.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0484 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Fanli2012 Native-Php-Cms. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to backend resources like sysconfig_doedit.php, directly preventing improper authorization exploitation.

CM-5 Access Restrictions for Change good match
prevent

Restricts access to system configuration changes to authorized users only, mitigating unauthorized manipulation of the vulnerable sysconfig_doedit.php endpoint.

AC-6 Least Privilege partial match
prevent

Applies least privilege to limit the scope of actions possible even if authorization checks in the backend fail.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Improper authorization in a publicly accessible backend PHP script enables remote unauthenticated exploitation of a web application.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit…

more

has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-0484 is a critical improper authorization vulnerability (CWE-266, CWE-285) in Fanli2012 native-php-cms version 1.0. The issue resides in the Backend component, specifically the unknown processing of the file /fladmin/sysconfig_doedit.php, which allows manipulation leading to improper authorization.

The vulnerability can be exploited remotely by unauthenticated attackers over the network with low attack complexity and no user interaction required, per its CVSS 3.1 score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation enables limited impacts on confidentiality, integrity, and availability.

Advisories referenced in VulDB entries and GitHub issues for the native-php-cms repository (e.g., https://github.com/Fanli2012/native-php-cms/issues/6) confirm the vulnerability details, noting that an exploit has been publicly disclosed and may be used. No patches or specific mitigations are detailed in the provided references.

Details

CWE(s)
CWE-266CWE-285NVD-CWE-noinfo

Affected Products

fanli2012
native-php-cms
1.0

CVEs Like This One

CVE-2025-0487Same product: Fanli2012 Native-Php-Cms
CVE-2025-0491Same product: Fanli2012 Native-Php-Cms
CVE-2025-0486Same product: Fanli2012 Native-Php-Cms
CVE-2026-4617Shared CWE-266, CWE-285
CVE-2026-6105Shared CWE-266, CWE-285
CVE-2026-3734Shared CWE-266, CWE-285
CVE-2025-2360Shared CWE-266, CWE-285
CVE-2026-1597Shared CWE-266, CWE-285
CVE-2026-3724Shared CWE-266, CWE-285
CVE-2026-5642Shared CWE-266, CWE-285

References