Cyber Resilience

CVE-2025-25535

Severity: Critical

Published: 26 March 2025
Modified: 15 April 2026
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0110 (78.4th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25535 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in a product recorded here as "Com" (inferred from references; see Affected Assets below). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-25535 is an HTTP Response Manipulation vulnerability affecting Script Case version 1.0.002 Build 7. The flaw, classified under CWE-276, permits unauthorized changes to HTTP responses. Its CVSS 3.1 score of 9.8 reflects a network-accessible attack vector requiring no privileges or user interaction, with full impact on confidentiality, integrity, and availability.

A remote attacker can send a specially crafted request to the affected application and escalate privileges, obtaining the access level of a higher-privileged user without authenticating.

Public references include a GitHub repository containing research artifacts and an advisory page hosted by BeSafe Brasil; neither source supplies explicit patch or mitigation guidance in the information available. The associated EPSS score remains low, with a current value of 0.0110 and a peak of 0.0190.

Vulnerability details

HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.

CWE(s)

CWE-276 Incorrect Default Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The vulnerability is an unauthenticated remote exploit in a public-facing web application (SCRIPT CASE) that directly enables privilege escalation via crafted HTTP requests. It therefore maps to T1190 (Exploit Public-Facing Application) for initial access and to T1068 (Exploitation for Privilege Escalation) for the core impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-49157 (shared CWE-276)
CVE-2024-55215 (shared CWE-276)
CVE-2024-53351 (shared CWE-276)
CVE-2025-21532 (shared CWE-276)
CVE-2025-24176 (shared CWE-276)
CVE-2025-1789 (shared CWE-276)
CVE-2024-43769 (shared CWE-276)
CVE-2025-0543 (shared CWE-276)
CVE-2025-7024 (shared CWE-276)
CVE-2025-24267 (shared CWE-276)

Affected Assets

Com (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates the HTTP response manipulation vulnerability by remediating the specific flaw in SCRIPT CASE through patching or workarounds.

Prevent (SI-10 Information Input Validation): Enforces server-side validation of HTTP inputs to block crafted requests that manipulate responses and enable privilege escalation.

Prevent (SC-7 Boundary Protection): Deploys boundary protection mechanisms such as web application firewalls to inspect and block malicious HTTP requests targeting the vulnerability.