Cyber Resilience

CVE-2025-2132

MediumPublic PoC

Published: 09 March 2025

Published
09 March 2025
Modified
11 March 2025
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0005 17.3th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2132 is a medium-severity Injection (CWE-74) vulnerability in Ftcms Ftcms. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Server Software Component (T1505); ranked at the 17.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2132 is a SQL injection vulnerability classified as critical in ftcms version 2.1. The issue affects an unknown function within the file /admin/index.php/web/ajax_all_lists of the Search component, where manipulation of the "name" argument enables the injection. It carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-89 (SQL Injection).

The vulnerability can be exploited remotely by attackers with high privileges (PR:H), such as authenticated administrators, requiring low attack complexity and no user interaction. Successful exploitation allows limited impacts: low confidentiality (C:L) via potential data disclosure, low integrity (I:L) through data modification, and low availability (A:L) disruption.

Advisories from VulDB detail the issue, noting public disclosure of an exploit and early vendor notification without response. References include a GitHub issue at https://github.com/ahieafe/zpp/issues/2 and VulDB entries at https://vuldb.com/?ctiid.299052, https://vuldb.com/?id.299052, and https://vuldb.com/?submit.511614; no patches or mitigations are mentioned.

The exploit has been publicly disclosed and may be actively used, with no vendor remediation available as of publication on 2025-03-09.

EU & UK References

Vulnerability details

A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to launch the…

more

attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1505 Server Software Component Persistence
Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

The SQL injection vulnerability in the ftCMS admin search endpoint (/admin/index.php/web/ajax_all_lists) enables exploitation of a server software component (T1505) and facilitates unauthorized data collection from the database (T1213.006).

CVEs Like This One

CVE-2025-2054Shared CWE-74, CWE-89
CVE-2025-1173Shared CWE-74, CWE-89
CVE-2025-0410Shared CWE-74, CWE-89
CVE-2025-2034Shared CWE-74, CWE-89
CVE-2025-0486Shared CWE-74, CWE-89
CVE-2025-1185Shared CWE-74, CWE-89
CVE-2025-2389Shared CWE-74, CWE-89
CVE-2025-0558Shared CWE-74, CWE-89
CVE-2025-2391Shared CWE-74, CWE-89
CVE-2025-2066Shared CWE-74, CWE-89

Affected Assets

ftcms
ftcms
2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents SQL injection by requiring validation and sanitization of the manipulable 'name' argument in the Search component.

prevent

Mandates timely identification, reporting, and correction of flaws like this unpatched SQL injection vulnerability.

detect

Enables detection of the SQL injection vulnerability through regular monitoring and scanning of the affected ftcms application.

References