Cyber Resilience

CVE-2025-1113

MediumPublic PoC

Published: 07 February 2025

Published
07 February 2025
Modified
21 August 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 34.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1113 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Taisan Tarzan-Cms. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1113 is a deserialization vulnerability affecting Taisan Tarzan-CMS versions up to 1.0.0. The flaw exists in the upload function of the /admin#themes endpoint within the Add Theme Handler component. Published on 2025-02-07T22:15:14.283, it has been rated as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs 20 (Improper Input Validation) and 502 (Deserialization of Untrusted Data).

A remote attacker with low privileges can exploit the vulnerability by manipulating the upload function, triggering deserialization. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption within the affected scope.

Advisories and additional details are available at https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J, https://vuldb.com/?ctiid.295019, and https://vuldb.com/?id.295019. The exploit has been publicly disclosed and may be used by attackers.

EU & UK References

Vulnerability details

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may…

more

be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct server-side deserialization flaw in a web CMS upload handler enables remote exploitation of a public-facing application by low-privileged authenticated users.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0465Shared CWE-20, CWE-502
CVE-2025-2376Shared CWE-20, CWE-502
CVE-2025-2689Shared CWE-20, CWE-502
CVE-2025-1177Shared CWE-20, CWE-502
CVE-2024-13136Shared CWE-20, CWE-502
CVE-2025-0734Shared CWE-20, CWE-502
CVE-2025-2855Shared CWE-20, CWE-502
CVE-2025-1186Shared CWE-20, CWE-502
CVE-2025-0841Shared CWE-20, CWE-502
CVE-2025-2690Shared CWE-20, CWE-502

Affected Assets

taisan
tarzan-cms
1.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements input validation mechanisms at the upload endpoint to prevent deserialization of untrusted data in the Add Theme Handler.

prevent

Ensures timely identification, testing, and installation of patches for the specific deserialization flaw in Tarzan-CMS up to version 1.0.0.

prevent

Restricts uploaded theme files to approved types and formats at the /admin#themes boundary to block malicious deserialization payloads.

References