CVE-2025-25759
Published: 27 February 2025
Summary
CVE-2025-25759 is a high-severity Path Traversal (CWE-22) vulnerability in Sucms Project Sucms. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly validates crafted GET request parameters in admin_template.php to block directory traversal and prevent arbitrary file deletion.
- Identifies, reports, and corrects the path traversal flaw in SUCMS v1.0's admin_template.php, eliminating the root cause of the vulnerability.
- Restricts the types and characteristics of GET request inputs to exclude path traversal sequences such as '../' that target arbitrary file deletion.
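The input validation control (SI-10) above amounts to never handing a request parameter to the filesystem as-is. The following PHP is an added example written for this page, not SUCMS code: it allow-lists the name syntactically, resolves it with realpath(), and confirms the result is still inside the template directory before any delete. TEMPLATE_DIR, safe_template_path(), delete_template() and the `tpl` parameter are hypothetical names.

```php
<?php
// Added example (not SUCMS code): hardened handling of a file-name parameter
// for an admin template action, in the spirit of NIST SI-10 input validation.
// TEMPLATE_DIR, safe_template_path() and delete_template() are hypothetical.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates';

/**
 * Return the absolute path of a template inside TEMPLATE_DIR, or null if the
 * supplied name is not an acceptable plain file name.
 */
function safe_template_path(string $name): ?string
{
    // 1. Syntactic allow-list: base name plus one extension, no separators,
    //    so '../', '..\\' and NUL bytes never reach the filesystem layer.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.(html|htm|tpl)$/', $name)) {
        return null;
    }
    // 2. Semantic check: resolve symlinks and '..' and confirm the result is
    //    still under the template directory (defence in depth for step 1).
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $name);
    if ($base === false || $path === false) {
        return null; // template directory missing or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the template directory
    }
    return $path;
}

// The weak pattern, for contrast, is acting on the raw parameter:
//   unlink(TEMPLATE_DIR . '/' . $_GET['tpl']);
// The hardened handler validates first and acts only on the resolved path.
function delete_template(string $requestedName): bool
{
    $path = safe_template_path($requestedName);
    if ($path === null) {
        // Rejected names are worth logging: they are a detection signal for
        // traversal attempts against the admin interface.
        error_log('admin_template: rejected name ' . bin2hex($requestedName));
        return false;
    }
    return unlink($path);
}

// Constructed self-check: a traversal-style name is refused by the allow-list
// before any filesystem call is made.
var_dump(safe_template_path('../config.php')); // NULL
var_dump(delete_template('..%2F..%2Fetc%2Fpasswd')); // bool(false)
```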
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Web-based path traversal enables remote exploitation of a public-facing application (T1190) and direct arbitrary file deletion, usable for indicator removal (T1070.004) or data destruction (T1485).
NVD Description
An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.
Deeper analysis
CVE-2025-25759 is a vulnerability in the admin_template.php component of SUCMS version 1.0. It enables directory traversal and arbitrary file deletion through a crafted GET request. The issue is linked to CWE-22 (path traversal) and CWE-552 (files or directories accessible to external parties), with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high severity due to its integrity impact.
Remote unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation allows deletion of arbitrary files on the affected system, potentially disrupting operations by removing critical files; the CVSS vector rates the direct impact on confidentiality and availability as none, so the scored impact is to integrity only.
Mitigation details are available in the referenced advisory at https://github.com/147536951/Qianyi-learn/blob/main/SUCMS.pdf, published on 2025-02-27.
Details
- CWE(s)