
CVE-2025-22923

High

Published: 02 April 2025
Modified: 17 July 2025
KEV Added: not listed
Patch: none recorded in the cited sources
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0132 (80.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-22923 is a high-severity path traversal (CWE-22) vulnerability in OS4ED openSIS. Its CVSS 3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks in the top 19.7% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2025-22923 is a path traversal vulnerability affecting OS4ED openSIS versions 8.0 through 9.1. The flaw is in the staff user module (users/Staff.php): the file-removal action does not constrain the supplied file path to the intended directory, so a crafted POST request to /Modules.php?modname=users/Staff.php&removefile can reach outside it. It is tracked under CWE-22 and carries a CVSS 3.1 score of 8.8.

An authenticated attacker with low privileges can exploit the issue remotely with low attack complexity and no user interaction. Successful exploitation deletes arbitrary files that the web server process is permitted to remove, which the CVSS vector rates as high impact on confidentiality, integrity, and availability (deleting application code, configuration, or data files can break or expose the application).

Public references consist of the openSIS project repository and a vulnerability-research repository that documents the finding; the provided sources include no official advisory or patch information. EPSS remains low in absolute terms, with a current value of 0.0132 and a recorded peak of 0.0190.
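To make the weakness concrete, the following is an added illustration written for this page in Python, not openSIS code (openSIS is PHP, and the real parameter names are not given in the sources). It shows the pattern behind CVE-2025-22923, a file-removal handler that joins an attacker-controlled name onto an upload directory, beside a hardened version that rejects separators and dot segments, decodes only once, and confirms the resolved real path still sits inside the directory. The upload directory layout, file names and the `demo()` tree are constructed for the example.

```python
"""Added example: traversal in a file-removal handler and its fix (CWE-22).
Generic illustration, not openSIS source; names and layout are assumed."""
import os
import shutil
import tempfile
from urllib.parse import unquote


def remove_file_vulnerable(upload_dir: str, filename: str) -> bool:
    """Unsafe: the user-supplied name goes straight into os.path.join.
    "../" segments walk out of upload_dir, and an absolute filename makes
    os.path.join discard upload_dir entirely."""
    target = os.path.join(upload_dir, filename)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def remove_file_hardened(upload_dir: str, filename: str) -> bool:
    """Safe: decode once, accept only a single path component, then verify the
    resolved real path is a direct child of the resolved upload directory.
    realpath() also defeats a symlink planted inside upload_dir."""
    name = unquote(filename)
    if not name or name in (".", "..") or "/" in name or "\\" in name or "\x00" in name:
        return False
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(target) != base:  # escaped the directory via traversal or symlink
        return False
    if not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def demo() -> dict:
    """Build a throwaway tree (constructed for this example): an uploads/
    directory and a config.php one level up standing in for an application file.
    Runs both handlers and returns what happened, so the outcome can be checked."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    secret = os.path.join(root, "config.php")
    for path in (secret, os.path.join(uploads, "report.pdf")):
        open(path, "w").close()

    results = {}
    # 1. Traversal against the vulnerable handler deletes a file outside uploads/.
    results["vuln_traversal"] = remove_file_vulnerable(uploads, "../config.php")
    results["secret_survives_vuln"] = os.path.exists(secret)

    open(secret, "w").close()  # recreate it for the hardened run
    # 2. Plain, URL-encoded and absolute-path variants are all refused.
    results["hard_traversal"] = remove_file_hardened(uploads, "../config.php")
    results["hard_encoded"] = remove_file_hardened(uploads, "..%2Fconfig.php")
    results["hard_absolute"] = remove_file_hardened(uploads, secret)
    # 3. A symlink inside uploads/ pointing outside is refused too.
    link = os.path.join(uploads, "link.pdf")
    try:
        os.symlink(secret, link)
        results["hard_symlink"] = remove_file_hardened(uploads, "link.pdf")
    except OSError:
        results["hard_symlink"] = False  # platform without symlink support
    results["secret_survives_hard"] = os.path.exists(secret)
    # 4. A legitimate name inside uploads/ still works.
    results["hard_legit"] = remove_file_hardened(uploads, "report.pdf")

    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check that matters is the comparison of resolved real paths, not the presence or absence of the literal string `../`: string filters miss encodings and symlinks, while the realpath comparison fails closed for both.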


Vulnerability details

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1070.004 Indicator Removal: File Deletion (Defense Evasion)
Adversaries may delete files left behind by the actions of their intrusion activity.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables exploitation of a public-facing web application (T1190) via directory traversal to perform arbitrary file deletion (T1070.004) for indicator removal.

Affected Assets

OS4ED openSIS, versions 8.0 through 9.1

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the control below is derived from the weakness type (CWE) cited in the NVD entry.

Addresses CWE-22: validate pathnames and filenames so that file operations cannot reach outside the intended directory.
