Cyber Resilience

CVE-2025-22974

CriticalPublic PoC

Published: 24 February 2025

Published
24 February 2025
Modified
25 March 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0087 75.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22974 is a critical-severity SQL Injection (CWE-89) vulnerability in Seacms Seacms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

SeaCMS versions 13.2 and earlier contain a SQL injection vulnerability in the phome.php component that is triggered through the DoTranExecSql parameter. The flaw is tracked as CVE-2025-22974, carries a CVSS v3.1 score of 9.8, and is classified under CWE-89. Successful exploitation permits an attacker to execute arbitrary code on the affected system.

A remote, unauthenticated attacker can supply a crafted request to the vulnerable parameter and achieve code execution without user interaction. The attack requires only network access and succeeds against any exposed instance running an affected version.

The single available reference is a GitHub repository containing technical details of the issue; no vendor advisory or patch information is provided in the supplied data. Exploitation probability remains low, with an EPSS score that reached a modest peak of 0.0213 before receding to the current value of 0.0087. No information on observed in-the-wild exploitation is available.

EU & UK References

Vulnerability details

SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection vulnerability in SeaCMS web application enables remote arbitrary code execution, directly mapping to exploitation of public-facing applications.

CVEs Like This One

CVE-2025-25520Same product: Seacms Seacms
CVE-2025-25513Same product: Seacms Seacms
CVE-2025-25519Same product: Seacms Seacms
CVE-2025-25516Same product: Seacms Seacms
CVE-2025-25517Same product: Seacms Seacms
CVE-2025-25521Same product: Seacms Seacms
CVE-2025-25515Same product: Seacms Seacms
CVE-2024-54880Same product: Seacms Seacms
CVE-2024-54879Same product: Seacms Seacms
CVE-2026-39334Shared CWE-89

Affected Assets

seacms
seacms
≤ 13.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of user inputs like the DoTranExecSql parameter to block SQL injection payloads.

prevent

Mandates timely identification, reporting, and remediation of the SQL injection flaw in the phome.php component to prevent exploitation.

prevent

Enables boundary protection mechanisms such as web application firewalls to inspect and block SQL injection attempts at external interfaces.

References