CVE-2025-1177
Published: 11 February 2025
Summary
CVE-2025-1177 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Xunruicms. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 41.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and correction of the specific deserialization flaw in XunRuiCMS 4.6.3, eliminating the vulnerability through patching.
Mandates validation of inputs to the import_add function to block malicious deserialization payloads stemming from improper input validation (CWE-20) and unsafe deserialization (CWE-502).
Enforces least privilege to restrict access to the vulnerable Admin/Linkage.php import_add function, reducing the number of low-privileged (PR:L) users who can trigger the remote deserialization attack.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A deserialization vulnerability (CWE-502) in a publicly exposed CMS admin endpoint (dayrui/Fcms/Control/Admin/Linkage.php) enables remote code execution via crafted input and POP chains, directly facilitating exploitation of public-facing applications.
NVD Description
A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysis
CVE-2025-1177 is a critical vulnerability in dayrui XunRuiCMS version 4.6.3, affecting the import_add function within the file dayrui/Fcms/Control/Admin/Linkage.php. The flaw stems from improper input validation (CWE-20) enabling deserialization (CWE-502), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). It was published on 2025-02-11.
The vulnerability can be exploited remotely by attackers possessing low privileges, such as authenticated users with admin access to the affected component, requiring no user interaction. Manipulation of the import_add function triggers deserialization, potentially allowing limited impacts on confidentiality, integrity, and availability.
Advisories are detailed in VulDB entries (ctiid.295080, id.295080, submit.495366), and the exploit has been publicly disclosed in a GitHub repository at stevenchen0x01/CVE2/blob/main/cve2.md, indicating it may be actively used.
Security practitioners should monitor for real-world exploitation, as the public disclosure of the exploit increases the risk of targeted attacks on unpatched XunRuiCMS instances.
Details
- CWE(s)