CVE-2025-15422
Published: 02 January 2026
Summary
CVE-2025-15422 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Phome Empirecms. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 50.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Implements a reliable, tamperproof protection mechanism whose completeness can be assured.
Procedures for training on protection mechanisms reduce the chance of protection mechanism failures being present or exploitable.
Documented procedures to implement assessment, authorization, and monitoring controls prevent these protection mechanisms from failing due to undefined processes.
Direct evaluation of whether controls produce desired security outcomes detects protection mechanism failures and enables remediation.
Requires assessment that protection mechanisms are correctly implemented and producing intended security outcomes.
The POA&M process ensures identified weaknesses in protection mechanisms are documented and scheduled for remediation, reducing the duration they remain exploitable.
Ongoing control assessments and analysis of monitoring data enable timely detection and response when protection mechanisms fail.
Impact analysis identifies changes that could weaken or disable existing protection mechanisms.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote unauthenticated exploit of public-facing CMS IP handler component (protection bypass).
NVD Description
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The…
more
exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-15422 is a vulnerability in EmpireSoft EmpireCMS versions up to 8.0, affecting the "egetip" function in the file e/class/connect.php within the IP Address Handler component. This flaw results in a protection mechanism failure, mapped to CWE-693. Published on 2026-01-02, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and limited impact to integrity.
Unauthenticated remote attackers can exploit this vulnerability by manipulating the IP Address Handler, leading to failure of protection mechanisms. Exploitation requires no privileges and can be performed over the network with low complexity, potentially allowing integrity violations such as improper IP handling or bypassing related safeguards.
Advisories referenced in VulDB entries (ctiid.339344, id.339344, submit.721344) and a proof-of-concept at note-hxlab.wetolink.com detail the issue, confirming remote exploitability. The vendor was contacted early but provided no response, and no patches or official mitigations are mentioned.
A public exploit has been published and may be used in attacks.
Details
- CWE(s)