Cyber Resilience

CVE-2025-1177

MediumPublic PoC

Published: 11 February 2025

Published
11 February 2025
Modified
20 February 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0020 42.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1177 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Xunruicms Xunruicms. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1177 is a critical vulnerability in dayrui XunRuiCMS version 4.6.3, affecting the import_add function within the file dayrui/Fcms/Control/Admin/Linkage.php. The flaw stems from improper input validation (CWE-20) enabling deserialization (CWE-502), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). It was published on 2025-02-11.

The vulnerability can be exploited remotely by attackers possessing low privileges, such as authenticated users with admin access to the affected component, requiring no user interaction. Manipulation of the import_add function triggers deserialization, potentially allowing limited impacts on confidentiality, integrity, and availability.

Advisories are detailed in VulDB entries (ctiid.295080, id.295080, submit.495366), and the exploit has been publicly disclosed in a GitHub repository at stevenchen0x01/CVE2/blob/main/cve2.md, indicating it may be actively used.

Security practitioners should monitor for real-world exploitation, as the public disclosure of the exploit increases the risk of targeted attacks on unpatched XunRuiCMS instances.

EU & UK References

Vulnerability details

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been…

more

disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization vulnerability (CWE-502) in publicly exposed CMS admin endpoint (dayrui/Fcms/Control/Admin/Linkage.php) enables remote code execution via crafted input and POP chains, directly facilitating exploitation of public-facing applications.

CVEs Like This One

CVE-2025-1186Same product: Xunruicms Xunruicms
CVE-2025-0465Shared CWE-20, CWE-502
CVE-2025-2376Shared CWE-20, CWE-502
CVE-2025-1113Shared CWE-20, CWE-502
CVE-2025-2689Shared CWE-20, CWE-502
CVE-2024-13136Shared CWE-20, CWE-502
CVE-2025-0734Shared CWE-20, CWE-502
CVE-2025-2855Shared CWE-20, CWE-502
CVE-2025-0841Shared CWE-20, CWE-502
CVE-2025-2690Shared CWE-20, CWE-502

Affected Assets

xunruicms
xunruicms
4.6.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the specific deserialization flaw in XunRuiCMS 4.6.3, eliminating the vulnerability through patching.

prevent

Mandates validation of inputs to the import_add function to block malicious deserialization payloads stemming from improper input validation (CWE-20) and unsafe deserialization (CWE-502).

prevent

Enforces least privilege to restrict access to the vulnerable Admin/Linkage.php import_add function, reducing the number of low-privileged (PR:L) users who can trigger the remote deserialization attack.

References