Cyber Resilience

CVE-2025-1847

Medium · Public PoC

Published: 03 March 2025

Modified: 26 May 2025
KEV Added
Patch
CVSS Score v4: 5.3
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0020 (41.5th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1847 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Zframeworks Zz. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 41.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1847 is a critical improper authorization vulnerability (CWE-266, CWE-285) discovered in zj1983 zz up to version 2024-8. The issue affects some unknown processing within the software, enabling manipulation that bypasses authorization controls. Published on 2025-03-03, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability allows remote exploitation by an attacker possessing low privileges, such as an authenticated user, with low attack complexity and no requirement for user interaction. Successful exploitation can result in low impacts to confidentiality, integrity, and availability, potentially allowing limited unauthorized actions within the affected processing.

Advisories note that the exploit has been publicly disclosed and may be actively used. The vendor was contacted early regarding the issue but provided no response, and no patches or specific mitigations are detailed in available references, which include VulDB entries and GitHub documentation.

Notable context includes the public availability of the exploit, increasing the risk of real-world abuse, with no reported patches from the unresponsive vendor.

EU & UK References

Vulnerability details

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1098 Account Manipulation (tactic: Persistence)
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.

Why these techniques?

The improper authorization vulnerability (CWE-285) enables vertical privilege escalation (T1068) from ordinary users to administrator privileges and facilitates account manipulation (T1098) by allowing modification, deletion, or addition of administrator information remotely.

CVEs Like This One

CVE-2025-1832 (same product: Zframeworks Zz)
CVE-2025-1818 (same product: Zframeworks Zz)
CVE-2025-1849 (same product: Zframeworks Zz)
CVE-2025-1831 (same product: Zframeworks Zz)
CVE-2025-1812 (same product: Zframeworks Zz)
CVE-2025-1833 (same product: Zframeworks Zz)
CVE-2025-1820 (same product: Zframeworks Zz)
CVE-2025-1821 (same product: Zframeworks Zz)
CVE-2025-1848 (same product: Zframeworks Zz)
CVE-2025-1834 (same product: Zframeworks Zz)

Affected Assets

zframeworks zz, versions ≤ 2024-8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: AC-3 mandates enforcement of approved authorizations for logical access to system resources in real time, directly mitigating the improper authorization bypass in the vulnerable processing.

Prevent: AC-6 enforces least privilege restrictions, limiting the scope and impact of unauthorized actions by low-privileged attackers exploiting the authorization flaw.

Prevent, recover: SI-2 requires identification, reporting, and timely remediation of critical flaws like this improper authorization vulnerability, including patching or compensatory controls despite vendor unresponsiveness.

References