Cyber Resilience

CVE-2025-1335

Medium · Public PoC

Published: 16 February 2025

Modified: 28 February 2025
CVSS Score v4: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (35.3th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1335 is a medium-severity Path Traversal (CWE-22) vulnerability in CmsEasy. Its CVSS v4 base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 35.3th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1335 is a path traversal vulnerability classified under CWE-22 in CmsEasy version 7.7.7.9. The flaw resides in the deleteimg_action function within the library lib/admin/file_admin.php, where manipulation of the imgname argument enables attackers to traverse directory paths beyond the intended boundaries.

With a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), the vulnerability can be exploited remotely by an authenticated attacker possessing low privileges. Exploitation requires network access, has low attack complexity and needs no user interaction; the impact is limited disclosure of confidential information through unauthorized file access.

Advisories referenced in VulDB entries and a GitHub repository detail the public disclosure of an exploit. The vendor was contacted early about the issue but provided no response, leaving no official patches or mitigation guidance available.

Vulnerability details

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Why these techniques?

Path traversal in file_admin.php directly enables unauthorized local file access (T1005) and directory/file enumeration (T1083) by an authenticated remote attacker.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1336: Same product (Cmseasy Cmseasy)
CVE-2021-47849: Shared CWE-22
CVE-2024-57784: Shared CWE-22
CVE-2025-68953: Shared CWE-22
CVE-2026-44973: Shared CWE-22
CVE-2026-34911: Shared CWE-22
CVE-2025-60946: Shared CWE-22
CVE-2026-6024: Shared CWE-22
CVE-2025-67160: Shared CWE-22
CVE-2026-49128: Shared CWE-22

Affected Assets

Vendor: cmseasy
Product: cmseasy
Version: 7.7.7.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly validates and sanitizes the imgname argument in deleteimg_action to block path traversal beyond intended directories.

Prevent: Remediates the specific path traversal flaw in lib/admin/file_admin.php through timely patching or code correction.

Prevent: Enforces authorized access to files, denying traversal attempts to unauthorized directories even if input validation partially fails.
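
The input-validation control above, as an added example that is not CmsEasy code and does not come from the advisory: a delete helper that allow-lists the file name, canonicalizes it, and confirms the result stays inside the image directory before unlinking. The function name safe_delete_image(), the accepted extensions and the directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; safe_delete_image() is a hypothetical name, not a
// CmsEasy function. $baseDir is the only directory deletion may touch.
function safe_delete_image(string $imgname, string $baseDir): bool
{
    // 1. Syntactic allow-list: a bare file name with an image extension.
    //    Rejects path separators, NUL bytes, leading dots and empty input.
    $pattern = '/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.(?:jpe?g|png|gif|webp)\z/i';
    if (!preg_match($pattern, $imgname)) {
        return false;
    }

    // 2. Canonicalize both paths; realpath() resolves symlinks and "..".
    $base = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $imgname);
    if ($base === false || $target === false) {
        return false; // base directory missing or file does not exist
    }

    // 3. Containment: the resolved target must sit under the base directory.
    //    The trailing separator stops "/images-old" from matching "/images".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false; // e.g. a symlink inside the directory pointing outside it
    }

    // 4. Only regular files are deleted.
    return is_file($target) && unlink($target);
}

// Constructed demo in a throwaway directory (sample names are made up).
$root = sys_get_temp_dir() . '/imgdemo_' . bin2hex(random_bytes(4));
mkdir("$root/images", 0700, true);
file_put_contents("$root/images/logo.png", 'x');
file_put_contents("$root/config.php", 'secret');

$samples = ['logo.png', '../config.php', '..\\config.php', "logo.png\0.php", ''];
foreach ($samples as $name) {
    $result = safe_delete_image($name, "$root/images") ? 'deleted' : 'rejected';
    printf("%-24s => %s\n", json_encode($name), $result);
}
```

Only the first sample is deleted; the other four are rejected at step 1, and steps 2 and 3 remain as the backstop for names that pass the pattern but resolve elsewhere.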
