Cyber Resilience

CVE-2025-25067

Severity: Critical · RCE

Published: 13 February 2025
Modified: 23 April 2025
CVSS v4.0 score: 9.3 (Critical)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0124 (79.7th percentile)
Risk priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25067 is a critical-severity OS command injection (CWE-78) vulnerability in mySCADA myPRO. Its CVSS v4.0 base score is 9.3 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 20.3% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

mySCADA myPRO Manager contains an OS command injection vulnerability tracked as CVE-2025-25067 and CWE-78. The flaw allows arbitrary operating-system command execution and is rated 9.3 under CVSS 4.0 with a network attack vector, low complexity, and no authentication or user-interaction requirements.

An unauthenticated remote attacker can send crafted input to the affected component and obtain full control over confidentiality, integrity, and availability of the host system. Exploitation requires only network reachability to the manager service.

The CISA advisory ICSA-25-044-16 and vendor pages at myscada.org supply mitigation guidance and updated downloads. The associated EPSS score remains flat at 0.0124 with no material increase after disclosure.

Vulnerability details

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.

CWE(s)

CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Remote OS command injection in a public-facing application directly enables T1190 (initial access via exploitation) and T1059 (arbitrary command execution on the compromised host).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24865 (same product: mySCADA myPRO)
CVE-2025-22896 (same product: mySCADA myPRO)
CVE-2025-60962 (shared CWE-78)
CVE-2025-23316 (shared CWE-78)
CVE-2026-30880 (shared CWE-78)
CVE-2025-64124 (shared CWE-78)
CVE-2024-58274 (shared CWE-78)
CVE-2026-34188 (shared CWE-78)
CVE-2025-0680 (shared CWE-78)
CVE-2026-5965 (shared CWE-78)

Affected Assets

Vendor: myscada
Product: mypro
Versions: ≤ 1.4

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation) requires timely identification, reporting, and correction of flaws such as the OS command injection vulnerability in CVE-2025-25067, including applying vendor patches.

Prevent: SI-10 (Information Input Validation) enforces validation of all inputs to mySCADA myPRO Manager, directly preventing malicious payloads from enabling OS command injection in CVE-2025-25067.

Detect: SI-4 (System Monitoring) provides continuous monitoring to identify indicators of successful OS command injection exploitation from CVE-2025-25067, such as anomalous processes or system calls.