CVE-2025-1335
Published: 16 February 2025
Summary
CVE-2025-1335 is a medium-severity Path Traversal (CWE-22) vulnerability in CmsEasy. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 26.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly validates and sanitizes the imgname argument in deleteimg_action to block path traversal beyond intended directories.
Remediates the specific path traversal flaw in lib/admin/file_admin.php through timely patching or code correction.
Enforces authorized access to files, denying traversal attempts to unauthorized directories even if input validation partially fails.
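One way to apply the input-validation control to an image-delete handler, shown as an added example rather than CmsEasy's own code. The function names `resolve_image_path` and `safe_delete_image`, the upload directory and the extension allow-list are assumptions; only the `imgname` parameter comes from the advisory.

```php
<?php
// Added example, not CmsEasy code. The function names, the base directory
// and the extension allow-list are assumptions made for illustration.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Resolve a user-supplied image name to a file inside $baseDir, or return null.
function resolve_image_path(string $baseDir, string $imgname): ?string
{
    // Reject NUL bytes, path separators and dot-segments before touching the filesystem.
    if ($imgname === '' || $imgname === '.' || $imgname === '..'
        || strpbrk($imgname, "\0/\\") !== false) {
        return null;
    }
    $ext = strtolower(pathinfo($imgname, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Canonicalise both sides; realpath() resolves symlinks and fails on missing files.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $imgname);
    if ($base === false || $target === false) {
        return null;
    }
    // Containment check with a trailing separator so "/uploads-old" cannot pass for "/uploads".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

function safe_delete_image(string $baseDir, string $imgname): bool
{
    $path = resolve_image_path($baseDir, $imgname);
    if ($path === null) {
        // Log rejected names so traversal attempts are visible to monitoring.
        error_log('rejected image delete request: ' . json_encode($imgname));
        return false;
    }
    return unlink($path);
}

// Constructed demo: a throwaway directory and sample imgname values.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/logo.png", 'x');
foreach (['logo.png', '../../etc/passwd', '..\\config.php', "logo.png\0.php", 'missing.png'] as $name) {
    printf("%-22s => %s\n", json_encode($name), safe_delete_image($dir, $name) ? 'deleted' : 'rejected');
}
rmdir($dir);
```

The canonical-path containment check is what backs up the character filter: a name that slips past the first test still has to resolve to a regular file under the base directory.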
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in file_admin.php directly enables unauthorized local file access (T1005) and directory/file enumeration (T1083) by an authenticated remote attacker.
NVD Description
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-1335 is a path traversal vulnerability classified under CWE-22 in CmsEasy version 7.7.7.9. The flaw resides in the deleteimg_action function within the library lib/admin/file_admin.php, where manipulation of the imgname argument enables attackers to traverse directory paths beyond the intended boundaries.
With a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), the vulnerability can be exploited remotely by an authenticated attacker possessing low privileges. Exploitation requires network access and low attack complexity with no user interaction, allowing limited disclosure of confidential information through unauthorized file access.
Advisories referenced in VulDB entries and a GitHub repository detail the public disclosure of an exploit. The vendor was contacted early about the issue but provided no response, leaving no official patches or mitigation guidance available.
Details
- CWE(s)