CVE-2025-2031

MediumPublic PoC

Published: 06 March 2025

Published

06 March 2025

Modified

12 May 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0009 25.9th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2031 is a medium-severity Improper Access Control (CWE-284) vulnerability in 1000Mz Chestnutcms. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents unrestricted file uploads by validating the 'file' argument for proper type, size, content, and dangerous extensions in the uploadFile function.

SI-9 Information Input Restrictions good match

prevent

Restricts the types and amounts of information that can be uploaded via the /dev-api/cms/file/upload endpoint to only authorized and safe files.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of the specific flaw in ChestnutCMS uploadFile function enabling unrestricted uploads.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

T1608.002 Upload Tool Resource Development

Adversaries may upload tools to third-party or adversary controlled infrastructure to make it accessible during targeting.

attack.mitre.org →

Why these techniques?

Unrestricted file upload vulnerability (CVE-2025-2031) in public-facing ChestnutCMS enables exploitation of public-facing applications (T1190), web shell deployment via uploaded malicious files (T1505.003), and staging tools (T1608.002) as noted in advisories.

NVD Description

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely.…

The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-2031 is a critical vulnerability in ChestnutCMS versions up to 1.5.2, affecting the uploadFile function in the /dev-api/cms/file/upload endpoint. By manipulating the 'file' argument, attackers can achieve unrestricted file upload. The issue maps to CWEs-284 (Improper Access Control), CWE-434 (Unrestricted Upload of File with Dangerous Type), and CWE-79 (Cross-site Scripting). It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-06.

The vulnerability enables remote exploitation by low-privileged users over the network with low attack complexity and no user interaction required. Attackers can upload arbitrary files, potentially compromising confidentiality, integrity, and availability at a low impact level due to the scope remaining unchanged.

Advisories and further details are documented in references such as https://github.com/IceFoxH/VULN/issues/6 and VulDB entries (https://vuldb.com/?ctiid.298773, https://vuldb.com/?id.298773, https://vuldb.com/?submit.512029). The exploit has been publicly disclosed and may be actively used.

Details

CWE(s): CWE-284 CWE-434 CWE-79

Affected Products

1000mz

chestnutcms

1.5.2

CVEs Like This One

CVE-2024-57450Same product: 1000Mz Chestnutcms

CVE-2025-70073Same product: 1000Mz Chestnutcms

CVE-2024-56828Same product: 1000Mz Chestnutcms

CVE-2025-2917Same product: 1000Mz Chestnutcms

CVE-2024-57451Same product: 1000Mz Chestnutcms

CVE-2024-57452Same product: 1000Mz Chestnutcms

CVE-2025-0335Shared CWE-284, CWE-434

CVE-2025-7538Shared CWE-284, CWE-434

CVE-2025-0346Shared CWE-284, CWE-434

CVE-2025-7939Shared CWE-284, CWE-434

References

https://github.com/IceFoxH/VULN/issues/6
Exploit · cna@vuldb.com
https://vuldb.com/?ctiid.298773
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.298773
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.512029
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/IceFoxH/VULN/issues/6
Exploit · 134c704f-9b21-4f2e-91b3-4a467353bcc0