CVE-2025-1393
Published: 05 March 2025
Summary
CVE-2025-1393 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Certvde (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates this CVE by requiring timely identification, reporting, and correction of the hard-coded credentials flaw through patching as detailed in the advisory.
Prevents exploitation of hard-coded credentials by mandating proper authenticator management, including changing defaults and protecting against unauthorized use.
Reduces risk by requiring management of all accounts to disable unnecessary privileged ones and ensure unique authenticators, addressing potential hard-coded admin accounts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability description directly describes remote unauthenticated exploitation of a public-facing product via hardcoded credentials to obtain full administrative access, mapping to T1190 for the exploitation method and T1078 for leveraging the resulting valid accounts.
NVD Description
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
Deeper analysis
CVE-2025-1393 is a critical vulnerability (CVSS 3.1 score of 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) published on 2025-03-05, stemming from the use of hard-coded credentials (CWE-798) in the affected product. It enables an unauthenticated remote attacker to gain full administration privileges without requiring prior authentication or user interaction.
An unauthenticated attacker with network access to the affected product can exploit this vulnerability by leveraging the hard-coded credentials. Successful exploitation grants complete administrative control, resulting in high impacts to confidentiality, integrity, and availability.
The advisory at https://certvde.com/en/advisories/VDE-2025-021 provides further details on mitigation and patches for this vulnerability.
Details
- CWE(s)