Cyber Posture

CVE-2025-23410

Critical

Published: 05 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0039 60.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23410 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in Cisa (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 39.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly requires validation of uploaded archive files to block path traversal sequences during unzipping and inspection in GMOD Apollo.

prevent

Mandates timely remediation of the specific path traversal flaw in GMOD Apollo through patches or updates.

prevent

Restricts characteristics of uploaded archives to exclude path traversal elements inconsistent with expected organism or sequence data.

MITRE ATT&CK Enterprise Techniques [AI]

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003: Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

The path traversal vulnerability in the public-facing web upload/unzip feature allows unauthenticated remote attackers to write arbitrary files on the server. This directly enables exploitation of a public-facing application (T1190) and facilitates deployment of web shells (T1505.003) for code execution and persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

Deeper analysis [AI]

CVE-2025-23410 is a path traversal vulnerability (CWE-23) affecting GMOD Apollo. The issue arises when uploading organism or sequence data via the web interface, as the application unzips and inspects files from supported archive types without checking for path traversal attacks. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

An unauthenticated remote attacker with network access can exploit this vulnerability by submitting a malicious archive file through the web upload feature. Exploitation requires low complexity and no user interaction, enabling high-impact compromise of confidentiality, integrity, and availability, such as arbitrary file access or modification on the server.

Mitigation guidance is available in the CISA ICS advisory ICSA-25-063-07 at https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07.

Details

CWE(s)

Affected Products

Cisa
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-30345 (Shared CWE-23)
CVE-2025-54317 (Shared CWE-23)
CVE-2026-26362 (Shared CWE-23)
CVE-2024-54449 (Shared CWE-23)
CVE-2025-26349 (Shared CWE-23)
CVE-2025-25130 (Shared CWE-23)
CVE-2026-33494 (Shared CWE-23)
CVE-2026-25057 (Shared CWE-23)
CVE-2024-56340 (Shared CWE-23)
CVE-2025-7619 (Shared CWE-23)
