Cyber Posture

CVE-2025-1113

Severity: Medium · Public PoC

Published: 07 February 2025
Modified: 21 August 2025
KEV Added: not listed
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0015 (34.6th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1113 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Taisan Tarzan-CMS. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 34.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- Prevent: Directly implements input validation mechanisms at the upload endpoint to prevent deserialization of untrusted data in the Add Theme Handler.
- Prevent: Ensures timely identification, testing, and installation of patches for the specific deserialization flaw in Tarzan-CMS up to version 1.0.0.
- Prevent: Restricts uploaded theme files to approved types and formats at the /admin#themes boundary to block malicious deserialization payloads.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A direct server-side deserialization flaw in a web CMS upload handler enables remote exploitation of a public-facing application by low-privileged authenticated users.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Deeper analysis [AI]

CVE-2025-1113 is a deserialization vulnerability affecting Taisan Tarzan-CMS versions up to 1.0.0. The flaw exists in the upload function of the /admin#themes endpoint within the Add Theme Handler component. Published on 2025-02-07T22:15:14.283, it has been rated as critical by the source advisory, while its CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) is Medium; it maps to CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data).

A remote attacker with low privileges can exploit the vulnerability by manipulating the upload function, triggering deserialization. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption within the affected scope.

Advisories and additional details are available at https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J, https://vuldb.com/?ctiid.295019, and https://vuldb.com/?id.295019. The exploit has been publicly disclosed and may be used by attackers.

Details

CWE(s): CWE-20 (Improper Input Validation), CWE-502 (Deserialization of Untrusted Data)

Affected Products: taisan tarzan-cms, version 1.0.0 (and earlier)

CVEs Like This One

- CVE-2025-15438 (shared CWE-20, CWE-502)
- CVE-2025-8227 (shared CWE-20, CWE-502)
- CVE-2025-1177 (shared CWE-20, CWE-502)
- CVE-2025-11345 (shared CWE-20, CWE-502)
- CVE-2025-2855 (shared CWE-20, CWE-502)
- CVE-2025-0465 (shared CWE-20, CWE-502)
- CVE-2025-0841 (shared CWE-20, CWE-502)
- CVE-2025-7876 (shared CWE-20, CWE-502)
- CVE-2026-4860 (shared CWE-20, CWE-502)
- CVE-2025-2043 (shared CWE-20, CWE-502)
