CVE-2025-0488

MediumPublic PoC

Published: 15 January 2025

Published

15 January 2025

Modified

05 May 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0020 41.6th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0488 is a medium-severity Injection (CWE-74) vulnerability in Native-Php-Cms Project Native-Php-Cms. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly and comprehensively prevents SQL injection by requiring validation and sanitization of untrusted inputs like the 'cat' argument in product_list.php.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the specific SQL injection flaw in Fanli2012 native-php-cms 1.0 to eliminate the vulnerability.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables detection of SQL injection vulnerabilities like CVE-2025-0488 through regular vulnerability scanning of the web application.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505 Server Software Component Persistence

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

SQL injection in public-facing web CMS (product_list.php) enables exploitation of public-facing applications (T1190), abuse of server software components (T1505 as noted in advisory), and data collection from databases via arbitrary queries (T1213.006).

NVD Description

A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The…

exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-0488 is a critical SQL injection vulnerability in Fanli2012 native-php-cms version 1.0, affecting an unknown part of the file product_list.php. The issue arises from manipulation of the 'cat' argument and is remotely exploitable. It is associated with CWEs 74 and 89, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

A remote attacker with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation enables low-impact violations of confidentiality, integrity, and availability, potentially allowing unauthorized access or modification of database content via SQL injection.

Advisories and further details are available in referenced sources, including GitHub issues at https://github.com/Fanli2012/native-php-cms/issues/10 and https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658, as well as VulDB entries at https://vuldb.com/?ctiid.291933, https://vuldb.com/?id.291933, and https://vuldb.com/?submit.475255.

The exploit has been publicly disclosed and may be used in attacks.

Details

CWE(s): CWE-74 CWE-89

Affected Products

native-php-cms project

native-php-cms

1.0

CVEs Like This One

CVE-2025-0489Same product: Native-Php-Cms Project Native-Php-Cms

CVE-2025-0490Same product: Native-Php-Cms Project Native-Php-Cms

CVE-2025-0482Same product: Native-Php-Cms Project Native-Php-Cms

CVE-2025-1379Shared CWE-74, CWE-89

CVE-2025-1820Shared CWE-74, CWE-89

CVE-2025-7185Shared CWE-74, CWE-89

CVE-2025-1167Shared CWE-74, CWE-89

CVE-2025-2646Shared CWE-74, CWE-89

CVE-2025-0788Shared CWE-74, CWE-89

CVE-2025-2037Shared CWE-74, CWE-89

References

https://github.com/Fanli2012/native-php-cms/issues/10
Exploit, Issue Tracking, Vendor Advisory · cna@vuldb.com
https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658
Exploit, Issue Tracking, Vendor Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.291933
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.291933
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.475255
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/Fanli2012/native-php-cms/issues/10
Exploit, Issue Tracking, Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/Fanli2012/native-php-cms/issues/10#issue-2769983658
Exploit, Issue Tracking, Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0