Cyber Posture

CVE-2025-22978

Critical · Public PoC


Published: 03 February 2025
Modified: 20 January 2026
KEV Added: not listed
Patch: available
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0051 (66.6th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22978 is a critical-severity injection vulnerability (CWE-74, improper neutralization of special elements in output used by a downstream component) in eladmin by Eladmin. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 33.4% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique (listed below). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- SI-2 Flaw Remediation (prevent): requires timely flaw remediation, directly addressing the CSV injection vulnerability through application of the vendor patch to the exception log download module.
- SI-15 Information Output Filtering (prevent): mandates filtering of information outputs, preventing malicious payloads from being injected into CSV exception log downloads.
- AC-14 Permitted Actions Without Identification or Authentication (prevent): restricts the actions permitted without identification or authentication, blocking unauthenticated remote access to the vulnerable exception log download module.

MITRE ATT&CK Enterprise Techniques [AI]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1204.002 User Execution: Malicious File (Execution): An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The CVE enables remote exploitation of a public-facing web application to inject malicious payloads into downloadable CSV logs; when a user opens such a log in a spreadsheet application, the payload is delivered to and executed on the client system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.

Deeper analysis [AI]

CVE-2025-22978 is a CSV Injection vulnerability affecting eladmin versions 2.7 and earlier, specifically in the exception log download module. Published on 2025-02-03, this issue falls under CWE-74 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impacts across confidentiality, integrity, and availability.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation allows adversaries to inject malicious payloads into the CSV output, potentially leading to high-level compromise of systems that process the downloaded logs.

Mitigation is provided through a patch in the commit at https://github.com/elunez/eladmin/commit/d6a16e9afc0a3b96a56f1a24ed167e1beec6ce2f. Additional details on the vulnerability are documented in the GitHub issue at https://github.com/elunez/eladmin/issues/863.

Details

CWE(s): CWE-74

Affected Products

eladmin (vendor: eladmin), versions ≤ 2.7

CVEs Like This One

- CVE-2025-2855 (same product: Eladmin Eladmin)
- CVE-2025-70997 (same product: Eladmin Eladmin)
- CVE-2026-27194 (shared CWE-74)
- CVE-2026-31816 (shared CWE-74)
- CVE-2026-25814 (shared CWE-74)
- CVE-2026-32695 (shared CWE-74)
- CVE-2025-64428 (shared CWE-74)
- CVE-2025-20337 (shared CWE-74)
- CVE-2026-27727 (shared CWE-74)
- CVE-2026-2019 (shared CWE-74)

References