Cyber Posture

CVE-2025-25535

Critical

Published: 26 March 2025
Modified: 15 April 2026
KEV Added: not listed
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0110 (78.1st percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25535 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Com (product name inferred from references). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 21.9% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mitigates the HTTP response manipulation vulnerability by remediating the specific flaw in SCRIPT CASE through patching or workarounds.

prevent (SI-10, Information Input Validation): Enforces server-side validation of HTTP inputs to block crafted requests that manipulate responses and enable privilege escalation.

prevent (SC-7, Boundary Protection): Deploys boundary protection mechanisms such as web application firewalls to inspect and block malicious HTTP requests targeting the vulnerability.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is an unauthenticated remote exploit in a public-facing web application (SCRIPT CASE) that directly enables privilege escalation via crafted HTTP requests, mapping to T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) for the core impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.

Deeper analysis

CVE-2025-25535 is a critical HTTP response manipulation vulnerability affecting SCRIPT CASE version 1.0.002 Build7. It enables a remote attacker to escalate privileges through a specially crafted HTTP request; the underlying weakness is classified as CWE-276 (Incorrect Default Permissions). The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high confidentiality, integrity, and availability impact with no prerequisites for exploitation beyond network access.

Any unauthenticated remote attacker can exploit this vulnerability by sending a malicious HTTP request to a vulnerable SCRIPT CASE instance. Successful exploitation allows privilege escalation, potentially granting unauthorized high-level access to the application or underlying system, which could lead to full compromise including data exfiltration, modification, or disruption of services.

Advisories and additional details are available in referenced sources, including a GitHub research repository at https://github.com/simalamuel/Research/tree/main/CVE-2025-25535 and a BeSafe Brasil advisory at https://www.besafebrasil.com.br/script-case-cve-2025-xx-xxxx/, which may provide guidance on detection, patches, or workarounds.

Details

CWE(s)

CWE-276 Incorrect Default Permissions

Affected Products

Com (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2024-55215 (shared CWE-276)
CVE-2024-53351 (shared CWE-276)
CVE-2025-24107 (shared CWE-276)
CVE-2024-53841 (shared CWE-276)
CVE-2024-53840 (shared CWE-276)
CVE-2025-24267 (shared CWE-276)
CVE-2024-49744 (shared CWE-276)
CVE-2024-57684 (shared CWE-276)
CVE-2024-49735 (shared CWE-276)
CVE-2024-55225 (shared CWE-276)

References