CVE-2025-15226
Published: 29 December 2025
Summary
CVE-2025-15226 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sun.Net Wmpro. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-15226 is an arbitrary file upload vulnerability in WMPro, a product developed by Sunnet. The flaw enables unauthenticated remote attackers to upload web shell backdoors and execute them, resulting in arbitrary code execution on the server. It is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact on confidentiality, integrity, and availability.
Any unauthenticated attacker with network access can exploit this vulnerability without requiring privileges, user interaction, or complex conditions. Successful exploitation allows attackers to upload malicious files, execute web shells, and achieve full remote code execution on the server, potentially leading to complete system compromise, data theft, or further lateral movement.
Advisories from Taiwan CERT (TWCERT) provide details on the vulnerability at https://www.twcert.org.tw/en/cp-139-10603-67149-2.html and https://www.twcert.org.tw/tw/cp-132-10602-c1c69-1.html, which security practitioners should consult for recommended mitigations and patches.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-205558
Vulnerability details
WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote exploitation of a public-facing web application (T1190) to upload and execute web shells (T1100), directly enabling arbitrary code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the arbitrary file upload vulnerability by requiring timely application of patches or updates specific to CVE-2025-15226.
Validates the format, type, and content of uploaded files to block dangerous web shells and prevent unrestricted file uploads.
Enforces access control policies requiring authentication for file upload endpoints, blocking unauthenticated remote attackers.