CVE-2025-25379
Published: 28 February 2025
Summary
CVE-2025-25379 is a critical-severity CSRF (CWE-352) vulnerability in 07Fly 07Flycms. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-25379 is a cross-site request forgery vulnerability, tracked under CWE-352, that affects 07FLYCMS version 1.3.9. The flaw resides in the del.html component and can be triggered through the id parameter, enabling remote code execution. It carries a CVSS 3.1 base score of 9.6, reflecting network attack vector, low attack complexity, no required privileges, required user interaction, and changed scope with high impact on confidentiality, integrity, and availability.
A remote attacker can exploit the issue by crafting a malicious request that an authenticated user is tricked into submitting, resulting in arbitrary code execution on the affected 07FLYCMS instance without direct authentication to the application.
The two provided references both point to the same GitHub repository path containing a readme file that appears to document the vulnerability but does not include official patch or mitigation guidance.
EPSS for this CVE rose from a low baseline to a recorded peak of 0.0164, indicating emerging exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5918
Vulnerability details
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF vuln in public-facing CMS allows RCE via forged link requiring user interaction, directly mapping to T1190 (exploit public-facing app) and T1204.001 (malicious link for user execution).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-23 requires mechanisms such as anti-CSRF tokens to protect session authenticity, directly preventing forged requests that exploit the del.html id parameter in 07FLYCMS.
SI-10 mandates validation of information inputs like the id parameter, blocking arbitrary code execution from malicious values tricked via CSRF.
IA-11 enforces re-authentication for sensitive actions like deletions in del.html, mitigating CSRF by requiring fresh credentials beyond session cookies.