CVE-2025-1160
Published: 10 February 2025
Summary
CVE-2025-1160 is a medium-severity Use of Default Credentials (CWE-1392) vulnerability in Remyandrade Employee Management System. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 31.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2025-1160 is a critical vulnerability in SourceCodester Employee Management System 1.0, published on 2025-02-10. It affects an unknown functionality within the file index.php, where manipulation of the username and password arguments enables the use of default credentials. The issue is classified under CWE-1392 and NVD-CWE-Other, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by an unauthenticated attacker; it requires low attack complexity and no user interaction. Successful exploitation grants limited access via the default credentials, with low-level impacts on confidentiality, integrity, and availability.
VulDB advisories (ctiid.295064, id.295064, and submit.493860) detail the vulnerability, while a proof-of-concept exploit has been publicly disclosed on GitHub at https://gist.github.com/jmx0hxq/0e9cde14b6e9190a7451cd72d7b23bfd. The vendor site is available at https://www.sourcecodester.com/. No specific patch or mitigation details are provided in the referenced sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2035
Vulnerability details
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct use of default credentials in a remotely accessible web application (index.php login) enables Initial Access via Valid Accounts (Default Accounts).
Mitigating Controls (NIST 800-53 r5)
- IA-5 (Authenticator Management): Directly requires changing default authenticators prior to first use, preventing exploitation of the hardcoded default username and password credentials in index.php.
- AC-2 (Account Management): Mandates management of accounts, including disabling unnecessary or inactive default accounts and updating credentials to block unauthorized remote access.
- Requires timely identification, reporting, and remediation of flaws like this default-credentials vulnerability through patching or configuration changes.