CVE-2025-22974
Published: 24 February 2025
Summary
CVE-2025-22974 is a critical-severity SQL Injection (CWE-89) vulnerability in Seacms Seacms. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
SeaCMS versions 13.2 and earlier contain a SQL injection vulnerability in the phome.php component that is triggered through the DoTranExecSql parameter. The flaw is tracked as CVE-2025-22974, carries a CVSS v3.1 score of 9.8, and is classified under CWE-89. Successful exploitation permits an attacker to execute arbitrary code on the affected system.
A remote, unauthenticated attacker can supply a crafted request to the vulnerable parameter and achieve code execution without user interaction. The attack requires only network access and succeeds against any exposed instance running an affected version.
The single available reference is a GitHub repository containing technical details of the issue; no vendor advisory or patch information is provided in the supplied data. Exploitation probability remains low, with an EPSS score that reached a modest peak of 0.0213 before receding to the current value of 0.0087. No information on observed in-the-wild exploitation is available.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4262
Vulnerability details
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection vulnerability in SeaCMS web application enables remote arbitrary code execution, directly mapping to exploitation of public-facing applications.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of user inputs like the DoTranExecSql parameter to block SQL injection payloads.
Mandates timely identification, reporting, and remediation of the SQL injection flaw in the phome.php component to prevent exploitation.
Enables boundary protection mechanisms such as web application firewalls to inspect and block SQL injection attempts at external interfaces.