Cyber Resilience

CVE-2025-2031

MediumPublic PoC

Published: 06 March 2025

Published
06 March 2025
Modified
12 May 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0009 26.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2031 is a medium-severity Improper Access Control (CWE-284) vulnerability in 1000Mz Chestnutcms. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2031 is a critical vulnerability in ChestnutCMS versions up to 1.5.2, affecting the uploadFile function in the /dev-api/cms/file/upload endpoint. By manipulating the 'file' argument, attackers can achieve unrestricted file upload. The issue maps to CWEs-284 (Improper Access Control), CWE-434 (Unrestricted Upload of File with Dangerous Type), and CWE-79 (Cross-site Scripting). It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-06.

The vulnerability enables remote exploitation by low-privileged users over the network with low attack complexity and no user interaction required. Attackers can upload arbitrary files, potentially compromising confidentiality, integrity, and availability at a low impact level due to the scope remaining unchanged.

Advisories and further details are documented in references such as https://github.com/IceFoxH/VULN/issues/6 and VulDB entries (https://vuldb.com/?ctiid.298773, https://vuldb.com/?id.298773, https://vuldb.com/?submit.512029). The exploit has been publicly disclosed and may be actively used.

EU & UK References

Vulnerability details

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely.…

more

The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1608.002 Upload Tool Resource Development
Adversaries may upload tools to third-party or adversary controlled infrastructure to make it accessible during targeting.
Why these techniques?

Unrestricted file upload vulnerability (CVE-2025-2031) in public-facing ChestnutCMS enables exploitation of public-facing applications (T1190), web shell deployment via uploaded malicious files (T1505.003), and staging tools (T1608.002) as noted in advisories.

CVEs Like This One

CVE-2024-57450Same product: 1000Mz Chestnutcms
CVE-2025-70073Same product: 1000Mz Chestnutcms
CVE-2024-56828Same product: 1000Mz Chestnutcms
CVE-2025-2917Same product: 1000Mz Chestnutcms
CVE-2024-57451Same product: 1000Mz Chestnutcms
CVE-2024-57452Same product: 1000Mz Chestnutcms
CVE-2024-13138Shared CWE-284, CWE-434
CVE-2025-7939Shared CWE-284, CWE-434
CVE-2025-0335Shared CWE-284, CWE-434
CVE-2025-9296Shared CWE-284, CWE-434

Affected Assets

1000mz
chestnutcms
1.5.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents unrestricted file uploads by validating the 'file' argument for proper type, size, content, and dangerous extensions in the uploadFile function.

prevent

Restricts the types and amounts of information that can be uploaded via the /dev-api/cms/file/upload endpoint to only authorized and safe files.

prevent

Requires timely identification, reporting, and correction of the specific flaw in ChestnutCMS uploadFile function enabling unrestricted uploads.

References