CVE-2025-0841

Severity: High
Published: 29 January 2025
Modified: 15 April 2026
KEV Added: not in KEV
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0017 (37.4th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-0841 is a high-severity Improper Input Validation (CWE-20) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS ranking places it at the 37.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly mitigates the deserialization vulnerability by requiring timely identification, reporting, and correction, in this case by upgrading the affected Aridius XYZ component as recommended.

SI-10 Information Input Validation (prevent)
Prevents remote exploitation of the unsafe deserialization in the loadMore function by enforcing validation of untrusted inputs using organization-defined tools and procedures.

Vulnerability scanning (detect)
Identifies the deserialization vulnerability in Aridius XYZ through regular vulnerability scanning, enabling proactive remediation.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?
A remote, unauthenticated deserialization flaw in a public-facing OpenCart component directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Deeper analysis

CVE-2025-0841 is a critical deserialization vulnerability (CWE-20, CWE-502) affecting Aridius XYZ versions up to 20240927, a component running on OpenCart. The issue resides in the loadMore function of the News component, where remote manipulation triggers unsafe deserialization.

The vulnerability enables remote exploitation over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and without changing scope (S:U). Successful attacks can result in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), yielding an overall CVSS 3.1 score of 7.3.

Advisories, including those from VulDB, recommend upgrading the affected Aridius XYZ component to mitigate the issue. A public exploit has been disclosed, with a proof-of-concept available on a GitHub Gist and further details on VulDB entries.
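The analysis above describes the CWE-502 pattern (request data handed straight to a deserializer) and the SI-10 mitigation (validate untrusted input). The following PHP is an added illustration of that pattern and its fix; it is hypothetical code written for this page, not the Aridius XYZ or OpenCart source. The handler names loadMoreVulnerable and loadMoreHardened, the request key `state`, and the `offset`/`limit` fields are assumptions chosen to resemble a "load more" endpoint.

```php
<?php
// Added illustration of the CWE-502 pattern this advisory describes and of an
// SI-10 style fix. Hypothetical code: NOT the Aridius XYZ / OpenCart source.

// Before: a "load more" handler that unserializes a request value.
// unserialize() on attacker-controlled bytes instantiates arbitrary classes and
// runs their __wakeup()/__destruct() methods, which is the root of CWE-502.
function loadMoreVulnerable(array $request): array
{
    $state = unserialize($request['state'] ?? '');   // untrusted input
    return is_array($state) ? $state : [];
}

// After: accept only a small JSON object with a fixed shape, allow-list its
// keys, enforce types and ranges, and never call unserialize() on request data.
function loadMoreHardened(array $request): array
{
    $raw = $request['state'] ?? '';
    if (!is_string($raw) || strlen($raw) > 512) {
        return ['error' => 'invalid state'];
    }
    try {
        // depth 2: a flat object of scalars, nothing nested
        $state = json_decode($raw, true, 2, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return ['error' => 'invalid state'];
    }
    if (!is_array($state)) {
        return ['error' => 'invalid state'];
    }
    // SI-10: validate every field against an explicit type and range.
    $offset = filter_var($state['offset'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100000]]);
    $limit = filter_var($state['limit'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 50]]);
    if ($offset === false || $limit === false) {
        return ['error' => 'invalid state'];
    }
    return ['offset' => $offset, 'limit' => $limit];
}

// Defence in depth when a serialized legacy format cannot be replaced yet:
// refuse object instantiation entirely. Objects arrive as
// __PHP_Incomplete_Class and no magic methods run.
function unserializeScalarsOnly(string $raw)
{
    return unserialize($raw, ['allowed_classes' => false, 'max_depth' => 4]);
}

// Constructed sample requests for a local run.
$good = ['state' => json_encode(['offset' => 20, 'limit' => 10])];
$bad  = ['state' => serialize(new stdClass())];   // serialized data, not JSON

var_dump(loadMoreHardened($good));   // offset 20, limit 10
var_dump(loadMoreHardened($bad));    // ['error' => 'invalid state']
var_dump(unserializeScalarsOnly($bad['state']) instanceof __PHP_Incomplete_Class); // true
```

The hardened handler treats the request as data with a declared schema rather than as a serialized PHP value; the `allowed_classes => false` variant is only a stopgap for code paths that still depend on PHP's native serialization format.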

Details

CWE(s): CWE-20, CWE-502

CVEs Like This One

CVE-2025-15438 (shared CWE-20, CWE-502)
CVE-2025-8227 (shared CWE-20, CWE-502)
CVE-2025-1177 (shared CWE-20, CWE-502)
CVE-2025-11345 (shared CWE-20, CWE-502)
CVE-2025-2855 (shared CWE-20, CWE-502)
CVE-2025-0465 (shared CWE-20, CWE-502)
CVE-2025-7876 (shared CWE-20, CWE-502)
CVE-2025-1113 (shared CWE-20, CWE-502)
CVE-2026-4860 (shared CWE-20, CWE-502)
CVE-2025-2043 (shared CWE-20, CWE-502)