Cyber Resilience

CVE-2025-15458

MediumPublic PoC

Published: 05 January 2026

Published
05 January 2026
Modified
15 January 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0051 39.5th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2025-15458 is a medium-severity Improper Authentication (CWE-287) vulnerability in 1234N Minicms. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2025-15458 is an improper authentication vulnerability (CWE-287) in bg5sbk MiniCMS versions up to 1.8. The issue resides in an unknown function within the file /mc-admin/post-edit.php of the Article Handler component. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites for exploitation.

The vulnerability can be exploited remotely by unauthenticated attackers with no privileges required. Successful manipulation bypasses authentication controls, potentially granting unauthorized access to administrative functions related to article editing. This could enable attackers to modify, delete, or create content within the CMS, with low-level impacts on confidentiality, integrity, and availability.

Advisories from VulDB and a GitHub issue in ueh1013/VULN detail the vulnerability but provide no information on patches or vendor-supplied mitigations, as the vendor was contacted early for disclosure coordination yet did not respond. Security practitioners should isolate or decommission affected MiniCMS instances and monitor for exploitation attempts targeting the /mc-admin/post-edit.php endpoint.

The exploit has been publicly disclosed via the referenced GitHub issue and VulDB entries, making it readily available for use by threat actors. No evidence of active in-the-wild exploitation is noted in available sources.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely.…

more

The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-15458 is an improper authentication bypass in a public-facing web CMS (/mc-admin/post-edit.php), enabling unauthenticated remote exploitation for unauthorized admin access, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15457Same product: 1234N Minicms
CVE-2025-15456Same product: 1234N Minicms
CVE-2025-1044Shared CWE-287
CVE-2026-1740Shared CWE-287
CVE-2026-7022Shared CWE-287
CVE-2024-13111Shared CWE-287
CVE-2026-29145Shared CWE-287
CVE-2018-25236Shared CWE-287
CVE-2024-53704Shared CWE-287
CVE-2024-57049Shared CWE-287

Affected Assets

1234n
minicms
≤ 1.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the improper authentication flaw in /mc-admin/post-edit.php to prevent exploitation of the Article Handler component.

prevent

Ensures robust identification and authentication for users accessing administrative functions, countering the authentication bypass vulnerability.

prevent

Enforces approved access authorizations to block unauthorized remote access to sensitive admin endpoints like post-edit.php.

References