CVE-2025-25379

Critical

Published: 28 February 2025

Published

28 February 2025

Modified

15 April 2025

KEV Added

—

Patch

—

CVSS Score 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0085 75.0th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25379 is a critical-severity CSRF (CWE-352) vulnerability in 07Fly 07Flycms. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-23 Session Authenticity good match

prevent

SC-23 requires mechanisms such as anti-CSRF tokens to protect session authenticity, directly preventing forged requests that exploit the del.html id parameter in 07FLYCMS.

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of information inputs like the id parameter, blocking arbitrary code execution from malicious values tricked via CSRF.

IA-11 Re-authentication partial match

prevent

IA-11 enforces re-authentication for sensitive actions like deletions in del.html, mitigating CSRF by requiring fresh credentials beyond session cookies.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1204.001 Malicious Link Execution

An adversary may rely upon a user clicking a malicious link in order to gain execution.

attack.mitre.org →

Why these techniques?

CSRF vuln in public-facing CMS allows RCE via forged link requiring user interaction, directly mapping to T1190 (exploit public-facing app) and T1204.001 (malicious link for user execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.

Deeper analysisAI

CVE-2025-25379 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, affecting 07FLYCMS version 1.3.9. The flaw resides in the del.html component, where a remote attacker can exploit the id parameter to execute arbitrary code. Published on 2025-02-28, it carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact compromise.

The vulnerability can be exploited by a remote attacker requiring no privileges over the network with low attack complexity, though it necessitates user interaction, such as tricking an authenticated user into visiting a malicious site or clicking a forged link. Upon success, the attack changes scope and grants high confidentiality, integrity, and availability impacts, culminating in arbitrary code execution on the targeted 07FLYCMS instance.

Advisories and further details, including potential patches or workarounds, are referenced in the GitHub repository at https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md.