CVE-2025-1393

Critical

Published: 05 March 2025

Modified: 15 April 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0061 (70.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1393 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Certvde (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1393 is a use of hard-coded credentials vulnerability (CWE-798) that affects an unspecified product. An unauthenticated remote attacker can leverage the embedded credentials to obtain full administrative privileges, reflected in the CVSS 9.8 score indicating network-exploitable impact on confidentiality, integrity, and availability without any required authentication or user interaction.

Any remote attacker with network access to the affected product can exploit the flaw to achieve complete administrative control. The published description explicitly states that no authentication is needed, enabling straightforward remote takeover.

The single referenced advisory at certvde.com provides vendor guidance on the issue, though specific mitigation steps such as credential removal or patch availability are not detailed in the supplied information.

EPSS values show a rise from a low baseline to a recorded peak of 0.0119 before settling at the current 0.0061, indicating emerging exploitation interest after disclosure.

Vulnerability details

An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078 Valid Accounts (Stealth)
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

The vulnerability description directly describes remote unauthenticated exploitation of a public-facing product via hardcoded credentials to obtain full administrative access, mapping to T1190 for the exploitation method and T1078 for leveraging the resulting valid accounts.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-8857 (shared CWE-798)
CVE-2025-37103 (shared CWE-798)
CVE-2025-2538 (shared CWE-798)
CVE-2026-29023 (shared CWE-798)
CVE-2026-9139 (shared CWE-798)
CVE-2025-42890 (shared CWE-798)
CVE-2020-36911 (shared CWE-798)
CVE-2026-28255 (shared CWE-798)
CVE-2026-35503 (shared CWE-798)
CVE-2024-9334 (shared CWE-798)

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates this CVE by requiring timely identification, reporting, and correction of the hard-coded credentials flaw through patching as detailed in the advisory.

Prevent: Prevents exploitation of hard-coded credentials by mandating proper authenticator management, including changing defaults and protecting against unauthorized use.

Prevent: Reduces risk by requiring management of all accounts to disable unnecessary privileged ones and ensure unique authenticators, addressing potential hard-coded admin accounts.
