CVE-2025-1891

MediumPublic PoC

Published: 04 March 2025

Published

04 March 2025

Modified

28 August 2025

KEV Added

—

Patch

—

CVSS Score 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score 0.0030 53.6th percentile

Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1891 is a medium-severity CSRF (CWE-352) vulnerability in Qzw1210 Shishuocms. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 directly mitigates this CVE by requiring identification, reporting, and correction of the specific CSRF flaw in shishuocms 1.1.

SC-23 Session Authenticity good match

prevent

SC-23 requires mechanisms to protect the authenticity of communications sessions, directly countering CSRF attacks that forge requests on behalf of authenticated users.

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of information inputs, including anti-CSRF tokens, to block forged requests exploiting this vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CSRF vulnerability in public-facing web CMS enables exploitation of public-facing applications to perform unauthorized actions via crafted requests.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may…

be used.

Deeper analysisAI

CVE-2025-1891 is a cross-site request forgery (CSRF) vulnerability, classified as problematic, affecting shishuocms version 1.1. The issue impacts some unknown processing within the software and is associated with CWE-352 (Cross-Site Request Forgery) and CWE-862 (Missing Authorization). It carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no required privileges, and user interaction needed.

An attacker can exploit this vulnerability remotely by manipulating a victim into submitting a malicious request, such as via a crafted link or form on a malicious site. No attacker privileges are required, but the victim must be authenticated to shishuocms and interact with the attacker's payload. Successful exploitation enables limited integrity impacts, potentially allowing unauthorized actions on the victim's behalf without affecting confidentiality or availability.

References from VulDB and a GitHub repository document the vulnerability, noting that the exploit has been publicly disclosed and may be used. No specific patches, vendor advisories, or mitigation guidance are detailed in the provided sources.