CVE-2025-0802

HighPublic PoC

Published: 29 January 2025

Published

29 January 2025

Modified

10 February 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0006 19.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0802 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Mayurik Best Employee Management System. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 4 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Directly enforces approved authorizations on administrative endpoints like /admin/View_user.php, preventing unauthorized remote access due to improper access controls.

AC-6 Least Privilege good match

prevent

Implements least privilege to counter CWE-266 incorrect privilege assignment, limiting impacts of bypassed controls in the administrative component.

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Explicitly defines and restricts actions permitted without identification or authentication, mitigating unauthenticated (PR:N) exploitation of the vulnerable endpoint.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1087 Account Discovery Discovery

Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment.

attack.mitre.org →

T1136 Create Account Persistence

Adversaries may create an account to maintain access to victim systems.

attack.mitre.org →

T1531 Account Access Removal Impact

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.

attack.mitre.org →

Why these techniques?

Unauthenticated remote access to /admin/View_user.php enables exploitation of public-facing application (T1190) and privilege escalation (T1068), allowing account discovery via user viewing (T1087), account creation (T1136), and account deletion/access removal (T1531).

NVD Description

A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack…

can be launched remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-0802 is a critical vulnerability involving improper access controls in an unknown functionality of the /admin/View_user.php file within the Administrative Endpoint component of SourceCodester Best Employee Management System 1.0. Published on 2025-01-29, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-266 (Incorrect Privilege Assignment) and CWE-284 (Improper Access Control).

The vulnerability enables remote exploitation without requiring authentication, user interaction, or elevated privileges, allowing attackers with network access to manipulate the affected endpoint and bypass access controls. Successful exploitation can result in low-level impacts to confidentiality, integrity, and availability, potentially granting unauthorized access to administrative functions or sensitive user data.

Advisories referenced in VulDB entries (ctiid.293923, id.293923, submit.485005) and a GitHub repository (theanm0l/VulnDB) document the issue, with the exploit disclosed publicly and available for use; the vendor site at sourcecodester.com provides context on the software but no specific patch details are outlined in the available information.

The public disclosure of the exploit highlights increased risk for unpatched instances of this employee management system.

Details

CWE(s): CWE-266 CWE-284 NVD-CWE-noinfo

Affected Products

mayurik

best employee management system

1.0

CVEs Like This One

CVE-2025-1593Same product: Mayurik Best Employee Management System

CVE-2025-1606Same product: Mayurik Best Employee Management System

CVE-2025-2046Same product: Mayurik Best Employee Management System

CVE-2026-1702Same vendor: Mayurik

CVE-2025-1598Same vendor: Mayurik

CVE-2025-1872Same vendor: Mayurik

CVE-2025-1873Same vendor: Mayurik

CVE-2025-1874Same vendor: Mayurik

CVE-2025-1871Same vendor: Mayurik

CVE-2025-1875Same vendor: Mayurik

References

https://github.com/theanm0l/VulnDB/blob/main/Improper%20Authorization.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.293923
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.293923
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.485005
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.sourcecodester.com/
Product · cna@vuldb.com