CVE-2025-15422
Published: 02 January 2026
Summary
CVE-2025-15422 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Phome Empirecms. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-15422 is a vulnerability in EmpireSoft EmpireCMS versions up to 8.0, affecting the "egetip" function in the file e/class/connect.php within the IP Address Handler component. This flaw results in a protection mechanism failure, mapped to CWE-693. Published on 2026-01-02, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and limited impact to integrity.
Unauthenticated remote attackers can exploit this vulnerability by manipulating the IP Address Handler, leading to failure of protection mechanisms. Exploitation requires no privileges and can be performed over the network with low complexity, potentially allowing integrity violations such as improper IP handling or bypassing related safeguards.
Advisories referenced in VulDB entries (ctiid.339344, id.339344, submit.721344) and a proof-of-concept at note-hxlab.wetolink.com detail the issue, confirming remote exploitability. The vendor was contacted early but provided no response, and no patches or official mitigations are mentioned.
A public exploit has been published and may be used in attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0723
Vulnerability details
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The…
more
exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote unauthenticated exploit of public-facing CMS IP handler component (protection bypass).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces access decisions; the egetip flaw in the IP handler allows unauthenticated bypass of protection logic that AC-3 is intended to implement.
Requires validation of all input (including client-supplied IP data) before it is used in security decisions, directly blocking the manipulation that triggers the protection-mechanism failure.
Enforces information-flow rules based on security attributes such as source IP; the CVE is a failure of exactly this type of flow control in EmpireCMS.