Cyber Resilience

CVE-2025-15422

MediumPublic PoC

Published: 02 January 2026

Published
02 January 2026
Modified
07 January 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 35.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15422 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Phome Empirecms. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-15422 is a vulnerability in EmpireSoft EmpireCMS versions up to 8.0, affecting the "egetip" function in the file e/class/connect.php within the IP Address Handler component. This flaw results in a protection mechanism failure, mapped to CWE-693. Published on 2026-01-02, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and limited impact to integrity.

Unauthenticated remote attackers can exploit this vulnerability by manipulating the IP Address Handler, leading to failure of protection mechanisms. Exploitation requires no privileges and can be performed over the network with low complexity, potentially allowing integrity violations such as improper IP handling or bypassing related safeguards.

Advisories referenced in VulDB entries (ctiid.339344, id.339344, submit.721344) and a proof-of-concept at note-hxlab.wetolink.com detail the issue, confirming remote exploitability. The vendor was contacted early but provided no response, and no patches or official mitigations are mentioned.

A public exploit has been published and may be used in attacks.

EU & UK References

Vulnerability details

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The…

more

exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated exploit of public-facing CMS IP handler component (protection bypass).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15423Same product: Phome Empirecms
CVE-2024-55024Shared CWE-693
CVE-2025-40536Shared CWE-693
CVE-2026-41316Shared CWE-693
CVE-2025-27665Shared CWE-693
CVE-2025-43728Shared CWE-693
CVE-2026-22753Shared CWE-693
CVE-2026-34938Shared CWE-693
CVE-2026-45102Shared CWE-693
CVE-2025-48626Shared CWE-693

Affected Assets

phome
empirecms
≤ 8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access decisions; the egetip flaw in the IP handler allows unauthenticated bypass of protection logic that AC-3 is intended to implement.

prevent

Requires validation of all input (including client-supplied IP data) before it is used in security decisions, directly blocking the manipulation that triggers the protection-mechanism failure.

prevent

Enforces information-flow rules based on security attributes such as source IP; the CVE is a failure of exactly this type of flow control in EmpireCMS.

References